User data from Social Engineered, which bills itself as a forum for the “Art of Human Hacking,” was leaked in mid-June and posted on a rival site.
“Mybb had a vulnerability yet again and the site got breached along other websites using Mybb,” Social Engineered founder, Snow101, confirmed in a blog post. “We moved over to xenforo i suggest changing your passwords immideately [sic].”
The information dumped from 89,392 compromised accounts included usernames, private messages, IP addresses and passwords, which were stored as salted MD5 hashes, according to a Have I Been Pwned blog post.
“MD5 is not a secure algorithm for hashing passwords. It has well-known flaws and is generally understood to be insufficient for protecting sensitive data of any kind,” said Tim Erlin, vice president of product management and strategy at Tripwire, who pointed out that information from such compromises is often used in social engineering schemes like phishing. “If you were going to choose a user base that’s especially difficult to target with phishing and other social engineering based attacks, this would certainly be near the top of the list.”