Under the Breach experts at the data leak monitoring service noticed that one of the most popular hacker forums on the Internet, OGUSERS (aka OGU), reported compromise for the second time in the last year.
“It seems that someone managed to hack the server through the shell in downloading avatars in the forum software and got access to our current database, dated April 2, 2020,” the OGUSERS administrator writes.
As a result, an unknown attacker stole the data of 200,000 users, according to the official user statistics indicated on the forum itself. OGUSERS is currently disabled and in maintenance mode.
Before the site was temporarily closed, administrators notified users that they were resetting passwords, and also urged everyone to enable two-factor authentication for their accounts so that the data stolen during the attack could not be used to crack accounts.
Let me remind you that the last OGUSERS hack occurred in May 2019. Then the attackers entered the server through a vulnerability in one of the custom plug-ins and gained access to the backup dated December 26, 2018.
Journalists Vice Motherboard, who studied a copy of the stolen database, confirmed that it is genuine. The leak was also investigated by well-known IS journalist Brian Krebs, who also confirmed the authenticity of the data and noted that the dump contained information about 113,000 OGU users. The database stolen from OGU was then distributed in other hacker forums.
OGUSERS began its work as a site selling stolen accounts on a wide variety of platforms and services. But if it all started with “interesting” social media accounts (Twitter, Instagram) with unique or short usernames, then it later developed into a full-fledged resource for the sale of any accounts, including user accounts of PlayStation Network, Steam, Domino's Pizza, and so on. Further.
In addition, Motherboard reporters drew their attention to OGUSERS back in 2018, when they were preparing a series of articles on the frequent cases of fraud with SIM cards. Such attacks with the capture of other people's phone numbers are used to steal accounts on social networks, theft of large amounts in cryptocurrency and so on. OGUSERS is one of the largest trading platforms where accounts stolen under such circumstances were sold.