OGUsers hacked again, user records uploaded by competitor

A dark web forum specializing in marketing stolen social media accounts, SIM cards and phone numbers was itself hacked for the second time in less than a year.

OGUsers on April 2 posted a notice on its site that was picked up by researchers at Under the Breach. The notice stated that the attacker got into OGUsers by uploading a shell through the site's avatar upload functionality.

To prove they had carried out the hack, the attacker almost immediately posted 200,551 records on their site, of which 126,431 already had their passwords cracked to plaintext.

“Those users’ passwords apparently weren’t encrypted, given Under the Breach’s claim that over half of them had already been converted to plaintext as of the time the service posted,” Sophos wrote.

The admin apologized profusely, noting that the site is targeted every day and that it had completed a forced reset of all user passwords. It was also suggested that users turn on multi-factor authentication to further protect themselves.

This was the second time in less than a year that OGUsers had to confess to a data incident.

In May 2019, OGUsers had its complete database swiped by competitor RaidForums. At the time, OGUsers admins said the site had suffered a hard drive failure and that they were able to restore its files using a backup, but RaidForums countered that argument several days later by uploading the database in question, Sophos said.

Neither Sophos nor Under the Breach connected RaidForums to the most recent incident.