[BreachExchange] Hackers steal data from 113,000 other hackers

Destry Winant destry at riskbasedsecurity.com
Tue May 21 09:43:47 EDT 2019


https://www.itpro.co.uk/security/33670/hackers-steal-data-from-113000-other-hackers

A forum that's popular among a community of online account hijackers
and fraudsters has been breached by its rivals.

The OGUsers.com forum, which is also used by hackers who conduct SIM
card swaps to seize control of victims' phone numbers, has itself
been hacked, exposing the email addresses, hashed passwords, IP
addresses and private messages of nearly 113,000 forum users.

The administrator of OGUsers posted on 12 May that outages caused
by a hard drive failure had erased several months' worth of private
messages, forum posts and prestige points. He told users, however,
that he'd restored a backup from January 2019.

What the administrator didn't know, however, is that at the same time,
hackers had stolen the forum's user database and wiped its hard
drives. This was revealed four days later when the administrator of a
rival hacking community, the perfectly named 'RaidForums', announced
they'd uploaded the OGUsers database for anyone to download for free,
with a fair amount of shade thrown in for good measure.

"On the 12th of May 2019 the forum OGUsers.com was breached and
112,988 users were affected," the message from RaidForums
administrator Omnipotent reads. "I have uploaded the data from this
database breach along with their website source files.

"Their hashing algorithm was the default salted MD5 which surprised
me, anyway the website owner has acknowledged data corruption but not
a breach so I guess I'm the first to tell you the truth. According to
his statement, he didn't have any recent backups so I guess I will
provide one on this thread lmfao."

The database, a copy of which was obtained by KrebsOnSecurity, appears
to hold the usernames, email addresses, hashed passwords, private
messages and IP address at the time of registration for approximately
113,000 users (although a number of these could potentially be users
with multiple aliases).

The publication of the OGUsers database has caused some concern for its
community, which has become infamous for attracting people involved in
hijacking phone numbers as a method of taking over a victim's social
media, email and financial accounts.

Several threads on OGUsers were quickly filled with responses from
anxious users concerned about being exposed by the breach. Some
complained they were already receiving phishing emails targeting their
OGUsers accounts and email addresses.

What they're worried about was summed up on Twitter by analyst Nathan
Lex, who pointed out that this schadenfreude will be most enjoyed by
law enforcement.

"OGUsers got their database hacked. It compromised Private Messages
from every user before 2018. If authority gets a hold of it, any user
that was affiliated with black hat activities will be tracked down in
a heartbeat."

