Hacking forum gets hacked for the second time in a year

Schadenfreude (again). Nice to see this website down for  while…:

OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year.

“It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020,” said Ace, the forum’s administrator.

The attacker is believed to have stolen the details of more than 200,000 users, the latest user counter listed on the forum.

The brief announcement was spotted by data breach monitoring service Under the Breach before the forum was put into maintenance mode by its administrators a few hours ago.

ogusers-data-breach.jpg
Image: Under the Breach

Before taking the site down, administrators said they reset passwords and urged users to enable two-factor authentication (2FA) for their accounts, so any of the data taken in the hack can’t be used to hijack accounts.

The forum users should know everything about account hijacking since this is how OGUsers became widely known in the first place.

The site rose to infamy in 2018 when fellow tech news site Motherboard identified it as one of the main locations on the internet where hackers were gathering to buy and sell hacked Instagram accounts.

Furthermore, the site also served as a training ground and meeting place for hackers looking to organize SIM swapping (SIM jacking) attacks.

The site’s fame got it unwanted attention, though, and the forum was targeted by rival hackers the next year, in May 2019.

[…]

Original Article