For the fourth time in two years, the popular hacking forum OGUsers has been hacked. Read on to know more about it…
For the second time in less than a year, a dark web forum specialising in selling stolen social media accounts, SIM cards, and phone numbers was hacked.
OGUsers is a hacking forum that specialises in selling stolen social media accounts obtained by SIM swapping attacks, credential stuffing attacks, and other methods. It’s been four years since OGUsers, an online hacker site, grew into a huge forum dedicated to selling and buying gaming and social media handles.
On April 2, OGUsers published a note on its website, which was picked up by Under The Breach researchers. According to the note, the intruder gained access to OGUsers by uploading a shell to the site’s avatar uploading feature.
To show it committed the hack, the hackers posted 200,551 records immediately on their website, of which 126,431 already had their passwords cracked to plaintext.
The database of the hacking forum, which contains private messages and user records of almost 350,000 members, is now available for sale at a price of $3,000. The hack took place on April 11th, and the hackers obtained access to the entire forum database, which was most likely triggered by bugs in the hacking forum’s plugins.
Hackers Hacking Other Hacking Forums in the Past
This isn’t the first time that OGUsers’ databases have been compromised and sold to other hackers.
The OGUsers admin revealed to its users in May 2019 that they had been compromised as a result of hackers exploiting a custom plugin. OGUsers was hacked again in November 2020, according to Brian Krebs.
According to a tweet from cyberintelligence firm KELA — in the third week of April, the OGUsers forum administrator announced that its website had been compromised after hackers uploaded a web shell to their server. The OGUsers admin wasn’t sure whether its database had been hacked at that time, but members of a rival hacker website started selling the stolen OGUsers database for $3,000 shortly after the hack.
A database containing stolen payment card data was leaked online after Swarmshop, an online cybercriminal card store, was hacked. The database contains 623,036 documents from victims in Canada, Brazil, Saudi Arabia, France, China, the United States, the United Kingdom, Mexico, and Singapore, including 498 bank account credentials and 69,592 U.S. and Canadian social security numbers.
Thousands of usernames, obfuscated passwords, and email addresses were dumped on the dark web after the invite-only cybercrime website Mazafaka was hacked in March.
ZHtrap is an IoT botnet that used honeypots to take over the infrastructure of rival botnets.
The US Department of Justice recently charged members of the OGUsers for their involvement in a series of active hacks on verified Twitter accounts used to promote a cryptocurrency scam.
A Brief Conclusion
Law enforcement agencies and security researchers can benefit from hackers hacking hackers and leaking databases. This OGUsers database leak has the potential to reveal hackers’ true identities by exposing their registered email accounts and IP addresses.
When hacker forums are compromised, it isn’t always a bad thing, but it doesn’t mean the forums will be shut down. Organizations and individuals are compromised on a regular basis, and it is up to us to secure ourselves.