OGusers[.]com, a popular forum on hijacking online accounts and SIM swapping attacks, has been hacked, exposing email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 users.
OGusers[.]com, a popular forum on hijacking online accounts and SIM swapping attacks, has been hacked, as reported by Krebs on Security. The breach exposed the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, posts and prestige points, and that he’d restored a backup from January 2019. But that day coincided with the theft of the forum’s user database and the wiping of the forum’s hard drives. On May 16, the administrator of the hacking community RaidForums announced he’d uploaded the OGusers database for anyone to download for free, posting the passwords, email addresses, IP addresses and private messages of more than 113,000 users.
The incident happened on 12th May 2019
“On the 12th of May 2019 the forum ogusers.com was breached [and] 112,988 users were affected,” the message from RaidForums administrator Omnipotent reads, according to Krebs on Security. “I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth. According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao.” The database appears to hold the usernames, email addresses, hashed passwords, private messages and IP address at the time of registration for approximately 113,000 users (although many of these nicknames are likely the same people using different aliases).
The forum data leak caused chaos in the hacking community
The publication of the OGusers database has caused much consternation and drama for many in the community, which has become infamous for attracting people involved in hijacking phone numbers as a method of taking over the victim’s social media, email and financial accounts, and then reselling that access for hundreds or thousands of dollars to others on the forum. Several threads on the forum were quickly filled with responses from anxious users concerned about being exposed by the breach. Some complained they were already receiving phishing emails targeting their accounts and email addresses. Meanwhile, the official Discord chat channel has been flooded with complaints and expressions of disbelief at the hack. Members vented their anger at the main forum administrator, who uses the nickname “Ace,” claiming he altered the forum functionality after the hack to prevent users from removing their accounts.