Nicholas Webber, 19, and Ryan Thomas, 18, both pleaded guilty for their roles in running GhostMarket.net, which had over 8,000 members.
Webber and Thomas were arrested last year after booking themselves into a five star central London hotel, using stolen credit card details to pay for accommodation in the penthouse suite.
Webber was the founder of the website and was the administrator, allowing him to approve or ban members as well as remove or edit posts.
GhostMarket facilitated cyber criminals in various illicit acts, including data theft, credit card fraud, malware propagation and botnet activities.
The forum also provided tips on how to avoid law enforcement and exchange details of vulnerable sites and servers.
During an 11-month investigation, detectives found over 130,000 compromised credit card numbers on the defendants' computers, representing an estimated industry loss of £120 ($192.37) a card.
This caused a potential £15.8 million ($25.3 million) financial loss in relation to card numbers alone.
Two 21-year-olds, Gary Paul Kelly and Shakira Ricardo, were also jailed for computer misuse and fraud offences. This followed a two-day Newton Hearing at Southwark Crown Court.
Kelly was responsible for spreading a Zeus variant across the web, which he used to snare 15,000 computers in over 150 countries, acquiring four million lines of data along the way.
All four defendants pleaded guilty at earlier hearings and a fifth person was sentenced to community service for acquiring criminal property, according to the Metropolitan Police.
In total, the four defendants were sentenced to 15-and-a-half years in prison.
“These defendants were accomplished cyber criminals, engaged in the systematic mass infection of computers in homes and businesses in the UK and overseas,” said Detective Inspector Colin Wetherill from the Police Central e-Crime Unit.
"The arrest, prosecution and conviction of these individuals represents a significant step forward in our efforts to tackle cyber crime and reduce the harm it causes."