by Dan Driedelberg 05/19/2019, 8:42pm PDT
"Ogusers.com -- a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims' phone numbers -- has itself been hacked," reports security researcher Brian Krebs, "exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users."
On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months' worth of private messages, forum posts and prestige points, and that he'd restored a backup from January 2019. Little did the administrators of OGusers know at the time, but that May 12 incident coincided with the theft of the forum's user database, and the wiping of forum hard drives. On May 16, the administrator of rival hacking community RaidForums announced he'd uploaded the OGusers database for anyone to download for free...
"The website owner has acknowledged data corruption but not a breach so I guess I'm the first to tell you the truth. According to his statement he didn't have any recent backups so I guess I will provide one on this thread lmfao."
Some users of the hijacking forum complained that their email addresses had started getting phishing emails -- and that the forum's owner had since altered the forum's functionality so users couldn't delete their accounts.
"It's difficult not to admit feeling a bit of schadenfreude in response to this event..." writes Krebs, adding "federal and state law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved."
-
..... SIM swapping. Huh. That's great for MFA.
I hate a lot of implementations of MFA by Ice Cream Jonsey 04/28/2019, 8:54am PDT 
SMS isn't MFA and can be intercepted. It's just a webshit doing the laziest. NT by The Happiness Engine 04/29/2019, 3:50pm PDT 
Some people keep a burner phone with a secret number just for this. by Blackwater 05/01/2019, 6:48pm PDT 
MFA is a mess, continued by Ice Cream Jonsey 05/14/2019, 7:36am PDT 
Did you see this post on slashdot? by Dan Driedelberg 05/19/2019, 8:42pm PDT 
The saddest thing is that we actually have the tech to make 2FA work for real by blackwater 05/22/2019, 8:31am PDT 
Tell me more about this Yubikey. Sell me on it. NT by Jack Bauer 05/22/2019, 8:53pm PDT 
basically it is a physical thing you carry it around that unlocks stuff by Blackwater 05/22/2019, 10:14pm PDT 
My bank's awful "MFA" stuff by Ice Cream Jonsey 09/21/2019, 9:29am PDT 
In theory, the "spirit animal" stuff does make sense by blackwater 09/21/2019, 3:00pm PDT 
It kind of locks them into always having to display it though by - 09/21/2019, 4:01pm PDT 
Mine was a tiger! RAWRR!! NT by pinback 09/21/2019, 5:15pm PDT 
Lookin' good, MFA by Ice Cream Jonsey 03/15/2021, 2:18pm PDT 
Re: I hate a lot of implementations of MFA by Ice Cream Jonsey 11/20/2022, 12:18pm PST 