Image: ZDNet
OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year.
“It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020,” said Ace, the forum’s administrator.
The attacker is believed to have stolen the details of more than 200,000 users, the latest user counter listed on the forum.
The brief announcement was spotted by data breach monitoring service Under the Breach before the forum was put into maintenance mode by its administrators a few hours ago.
Image: Under the Breach
Before taking the site down, administrators said they reset passwords and urged users to enable two-factor authentication (2FA) for their accounts, so any of the data taken in the hack can’t be used to hijack accounts.
The forum users should know everything about account hijacking since this is how OGUsers became widely known in the first place.
The site rose to infamy in 2018 when fellow tech news site Motherboard identified it as one of the main locations on the internet where hackers were gathering to buy and sell hacked Instagram accounts.
Furthermore, the site also served as a training ground and meeting place for hackers looking to organize SIM swapping (SIM jacking) attacks.
The site’s fame got it unwanted attention, though, and the forum was targeted by rival hackers the next year, in May 2019.
At the time, a hacker breached OGUsers servers, stole details for the site’s 113,000 users, wiped the forum’s hard drives, and later dumped the stolen data on a rival hacking forum.
Image: ZDNet
All the users who had their data traded on the site would call what’s happening to the forum “justice.”
This is also a positive since data that leaks from forums like OGUsers often finds its way into the hands of law enforcement and is then used to follow through on other investigations.