Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website site “Have I Been Pwned?” reported this week.
The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well as corresponding IP addresses (many likely anonymized), hashed passwords, private messages and usernames.
According to an Ars Technica report, hackers from Raidforums are responsible for breaching the forum, which runs on the open-source forum software MyBB. The news organization says it reviewed a 2.11 gigabyte file containing approximately 397,000 plaintext private messages, which discuss matters such as cracking Fortnite accounts and selling software exploits.
Speaking of exploits: Raidforums owner, developer, and host “Omnipotent” reportedly told Ars Technica that the breach was executed via an exploit, although he shared no further details.
In a Cracked.to thread that was originally started on July 27, forum administrator “floraiN” warned members that a once trusted party managed to obtain forum back-ups dating from late 2018 through June 2019. Concerned the party might publish this information, the forum forced users to change their passwords and reset all database sesssions. floraiN also reassured users that their passwords were safe because the forum had recently switched to a stronger hashing algorithm.
That post was followed by a new thread update on Aug. 8: “A wannabe ‘leaking-forum’ released the database backup today that contains all data from 21st of July 2019,” wrote floraiN. “As announced a few weeks ago all passwords are hashed with an advanced hashing algorithm… and therefore pretty much useless.”
“There will be consequences for the forum that is responsible for distributing the backup and for the person that leaked it,” the post ominously continues.