Posted on May 20, 2019 at 2:33 PM
A forum well known among account-hijacking and SIM-swapping enthusiasts has itself become a victim. The attack on OGusers leaked the passwords, IP addresses, email addresses and confidential messages of well over 110,000 forum members.
The Beginning of the End
Not long ago, the forum's management told members that an outage had been caused by a hard drive failure. The outage was said to have wiped private messages, forum posts and even prestige points accumulated over months. The administrator went on to state confidently that a backup going back to the beginning of the year had been restored. Unknown to the handlers of OGusers, the outage coincided with hackers gaining access to its database and wiping the hard drives. It was not a hard drive failure but a well-orchestrated attack.
The Dramatic Leakage
In the middle of May, the administrator of competing hacking group RaidForums dramatically declared that he had uploaded the OGusers database, and that anyone who wanted to download it could do so free of charge. In the announcement, the RaidForums admin stated that the attack was launched on the 12th of May, 2019, and that the details of 112,988 users were affected.
The breached database was uploaded alongside the website's source files. The poster also expressed surprise that the hashing algorithm was salted MD5. The compromised data included email addresses, IP addresses, website activity, passwords (salted MD5), source code, website data, and private user messages. One interesting discovery is that many of the nicknames probably belong to the same people using different names.
The release of the database caused confusion and shock among many members of the community. The forum itself was notorious as a magnet for people who hijack other people's phone numbers. They use the stolen numbers to take over the victims' social media, bank accounts, email and other records, and then sell these details to others on the forum for hefty amounts.
Reactions and Consequences
Other posts on OGusers swiftly gained traction from worried users who feared the exposure of their details. Some raised the alarm that they were already receiving phishing emails targeting their OGusers and email accounts. Meanwhile, the official OGusers chat channel on Discord was overwhelmed with complaints and expressions of shock over the hack. Users expressed fury at the primary forum admin, who goes by the alias ‘Ace.’ They accused him of modifying the forum's system after the hack so that they were unable to delete their accounts following the leak.
One user on the Discord chat directly attacked Ace, saying he had not replaced the broken hard drives, which forced the platform to roll back four months. Ace was also accused of failing to secure the website, which led to the leak of user information, and of disabling the self-ban feature, which meant that people could not leave the forum.
For some, the attack was well deserved, and several reasons have been put forward to justify that view. Some felt that a forum dedicated to attacking others getting a dose of its own treatment was only fitting. Another reason put forward is that the authorities tasked with fighting SIM swappers will now be able to catch many more of them.
Now that the database is out in the open, a lot more crooks will be arrested and charged in court. At the moment, it is not clear how OGusers will cope with or fully react to this leak. It is also not clear how RaidForums will greet the news of the ‘downfall’ of its rival platform. Whatever the case, it is a dramatic and interesting event from the shadowy world of hackers.