Criminals Hack Forum Used for Trading Stolen Credentials
This is really interesting- a popular online forum that hackers have been using to trade stolen credentials has been hacked!
Reports confirm that OGusers, a popular online form used by hackers to trade stolen account credentials, has been hacked and that this had caused sensitive personal data of many users to be exposed.
Brian Krebs writes, in his website KrebsOnSecurity, “Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.”
It all started with an administrator of OGusers explaining to forum members, on May 12, that an outage had caused a hard drive failure, leading to the erasure of private messages, forum posts and prestige points that’s worth several months. He also stated that he had restored a backup from January 2019. But then, the OGusers administrators didn’t realize that what had happened, coinciding with the outage, was the theft of users’ database from the forum and the wiping of forum hard drives as well. Four days later, on May 16, the administrator of rival hacking community RaidForums uploaded the entire OGusers database for anyone to download for free.
The KrebsOnSecurity report quotes the message that RaidForums administrator Omnipotent has posted. It reads, “On the 12th of May 2019 the forum ogusers.com was breached [and] 112,988 users were affected. I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth. According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao.”
Brian Krebs further says, “The database, a copy of which was obtained by KrebsOnSecurity, appears to hold the usernames, email addresses, hashed passwords, private messages and IP address at the time of registration for approximately 113,000 users (although many of these nicknames are likely the same people using different aliases).”
Experts point out that although the passwords that were exposed are hashed, the fact that the encryption method used was MD5, an older and easily hackable form of encryption, puts all passwords at risk of exposure.
Since OGusers is already known as a forum that attracts people who hijack phone numbers to take over victims’ social media, financial accounts, email etc and sell such access for thousands of dollars, the exposure has caused shock among many in the community. Anxious members responded promptly and, as per Brian Krebs, some of them even complained of being targeted by phishing emails. It’s also reported that some members even expressed anger at the main administrator of OGusers. The members even seemed to claim that the main administrator, who uses the nickname ‘Ace’, altered the functionality of the forum following the hack so as to prevent users from removing their accounts.
On the other hand, reports say that an OGusers administrator commented, after the hack was disclosed, that though members’ frustration is understandable, it’s to be noted that even Twitter, Facebook and other Forums that people have used have been breached more than once.
Brian Krebs concludes his report with a very relevant remark. He says, “It’s difficult not to admit feeling a bit of schadenfreude in response to this event. It’s gratifying to see such a comeuppance for a community that has largely specialized in hacking others. Also, federal and state law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved.”
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.