Recently, the media reported that attackers had hacked OGUSERS (aka OGU), one of the most popular hacking forums on the Internet, for the second time in the last year. At that time, an unknown attacker stole the data of 200,000 users, according to the user statistics shown on the forum.
As a result, OGUSERS was temporarily disabled and put into maintenance mode. Users were notified of a password reset and urged to turn on two-factor authentication so that the stolen data could not be used to hack their accounts.
Let me remind you that another OGUSERS hack occurred in May 2019. At that time, the attackers got onto the server through a vulnerability in one of the custom plugins and gained access to a backup dated December 26, 2018. The site was then hacked again in November 2020.
OGUSERS started out as a website selling stolen accounts on a wide variety of platforms and services.
In addition, Motherboard reporters turned their attention to OGUSERS back in 2018, when they were preparing a series of articles on the growing number of SIM card fraud cases. Such attacks, in which someone else's phone number is hijacked, are used to steal accounts on social networks, steal large amounts of cryptocurrency, and so on. OGUSERS is one of the largest trading platforms where accounts stolen under such circumstances were sold.
As the information security company KELA now reports, the administrator of the OGUsers forum said that the site was hacked again, as unknown persons uploaded a web shell to the server. At first, the site administration doubted that the database had been affected, but soon a rival hacking forum began selling the stolen OGUsers database for $3,000.
Bleeping Computer, citing its own sources, writes that OGUsers was hacked on April 11, 2021, and that the attackers had full access to the database dump. The database included records of approximately 350,000 users and private messages.
A source told the publication that OGUsers uses a variety of plug-ins that contain vulnerabilities that attackers can chain together to install a web shell.
Vitaly Kremez, head of Advanced Intel, says that such leaks from criminal forums may be beneficial to law enforcement and information security researchers:
Let me remind you that I also wrote about the Netherlands police posting warnings on hacker forums.