Hackers’ forum hacked, database dumped on Dark Web

According to the ‘Naked Security’ team by cybersecurity firm Sophos, this is the second attack on OGUsers in the recent past, first spotted by data breach monitoring service Under the Breach

April 07, 2020 12:20 pm | Updated 12:20 pm IST - San Francisco

Within a few hours, a rival forum dumped OGUsers’ database of about 2,00,000 user records

Within a few hours, a rival forum dumped OGUsers’ database of about 2,00,000 user records

Cybercriminals have broken into a rival hackers’ forum that trades in stolen Instagram, Twitter and other accounts, and dumped the database on the Dark Web for all to grab.

OGUsers is a forum where hackers come to trade SIM swappers’ stolen phone numbers and Bitcoin accounts.

According to the ‘Naked Security’ team by cybersecurity firm Sophos, this is the second attack on OGUsers in the recent past, first spotted by data breach monitoring service Under the Breach.

“Under the Breach tweeted a screen grab of a notice posted that day by OGUsers’ admin, who goes by the username Ace. In that post, Ace claimed that a hacker successfully pulled off the breach by uploading a shell to the avatar uploading feature,” said the Sophos team.

Within a few hours, a rival forum dumped OGUsers’ database of about 2,00,000 user records.

Those users’ passwords apparently weren’t encrypted, given Under the Breach’s claim that over half of them had already been converted to plain text as of the time the service posted.

Ace announced in May last year that an outage had been caused by hard drive failure that erased months’ worth of private forum posts and prestige points.

It later turned out that the outage coincided with the theft of the forum’s user database and the erasure of its hard drives.

Launched in April 2017, the forum is a market for buying and selling ‘OG’ (original gangster) usernames, which refer to usernames that are considered desirable, whether it’s because they’re short — such as @t or @ty.

According to Motherboard, OGUsers have traded in hijacked social media accounts, as well as in PlayStation Network, Steam, Domino’s Pizza and other online accounts.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.