Prepare yourself for the warm glow of schadenfreude: OGUsers, a forum dedicated to trading stolen Instagram, Twitter and other accounts, has apparently been hacked, its hard drives wiped, and its user database stolen and published on a rival hacking community site, where anyone can download it for free.
As Motherboard reported last year, OGUsers – called OGU by its members – is a forum popular with hackers who specialize in hijacking people's accounts, especially through SIM swapping.
Trade in desired user names
Launched in April 2017, the forum is a market for buying and selling "OG" usernames. That is an abbreviation for 'original gangster' and refers to usernames that are considered desirable, whether because they are short, such as @t or @ty, or because they are considered cool, such as @Sex or @Eternity, or because they belong to celebrities, such as the Twitter accounts of Wikipedia co-founder Jimmy Wales, comedian Sarah Silverman or NASA, to name just a few.
According to Motherboard, OGUsers traded in hijacked social media accounts, but also in PlayStation Network, Steam, Domino's Pizza and other online accounts.
The administrator of OGUsers, known as "Ace", announced the attack in a post on the forum on May 12, 2019. According to security journalist Brian Krebs, Ace told forum members that an outage had been caused by a hard drive failure that erased months' worth of private forum content and prestige points. Ace said they had restored a backup from January 2019.
But we have since come to find out that the power outage on 12 May coincided with the theft of the forum user database and the erasure of the hard drives.
Four days after Ace's report, the rival hacking community RaidForums announced that it had uploaded the OGUsers database. Come and get it, said RaidForums administrator Omnipotent, raising an eyebrow at OGUsers' use of the vulnerability-ridden MD5 hashing function:
On May 12, 2019, the forum ogusers.com was violated [and] 112,988 users were affected. I have uploaded the data from this database connection together with the source files from their website. Their hashing algorithm was the standard salted MD5, which surprised me; anyway, the website owner acknowledged data corruption but no breach, so I think I'm the first to tell you the truth. According to his statement, he had no recent backups, so I assume I will provide one on this thread lmfao.
Krebs obtained the list of OGUsers members. He said it apparently contained usernames, email addresses, hashed passwords, private messages, and IP addresses at the time of registration for about 113,000 users – although, he said, some users are likely to use multiple aliases. Motherboard also checked the database and discovered that it contained emails and source code from users.
Motherboard verified the data by searching for two accounts registered by the reporters.
Music from the smallest violin
The members of OGUsers are, understandably, and to the delight of the karmic balance of the universe, going crazy. Several threads on OGUsers are filled with users who are worried about being exposed by the breach, while some claim that they have already received phishing emails, Krebs reports.
Some are furious with Ace and claim that Ace has disabled users' ability to delete their accounts. Krebs quoted a user who had this to say on the Discord chat:
Ace are like:
– no replacement of broken hard disks, causing the site to deteriorate four times
– no secure website, which leaks user information
– disable self-ban so that people cannot leave
Motherboard spoke with one member of OGUsers who said that the rats are leaving the sinking ship, worried about 1) being hacked themselves and 2) a visit from the law:
It is as if a nuclear bomb has fallen on the site. Some people only used OGU-pms as their only contact, so if you look at it or an FBI agent, there is a lot to be found.
No, please don't go, little rats, Ace said in a message. OGUsers being breached is just like any other site being breached, they wrote, neglecting the part about how most of its users are probably cybercriminals:
OGUsers has been online for almost 3 years now and this is the first time that an infringement has occurred. I understand everyone's frustration and I am very sorry that this has all happened recently. You must realize that other sites such as Twitter, Facebook, Dropbox, forums that you have used in the past and many more have been violated at least once. People focus on the site 365 days a year. Again, I am very sorry that this has happened and I will do my best to ensure that it never happens again.
… yes, it's just like Twitter or Facebook or Dropbox being breached, with the small, mild exception of potential detention for the people whose personal information has been exposed.
We would wish you good luck while running, little rats, but hey, you know … karma and stuff. We do not wish you luck in escaping the long arm of the law, and the victims of your account hijackings will undoubtedly share that attitude.
Yet we cannot get too carried away when crooks kick each other in the shins. Malware is a pest that Sophos fights against all the time, so we cannot applaud too loudly, even if, for example, a Nigerian scammer infects himself.
And as we said when we reported on hackers hacking hackers – if hackers can be hacked, then so can you, if you're not careful.
So be careful!