May 20, 2019 at
A well-known forum among account hijacking and SIM swapping attack enthusiasts has interestingly become a victim too. The nasty hacking attack left OGusers vulnerable as passwords, IP addresses, email addresses and confidential messages of well over 110,000 forum members were all leaked.
The Beginning of the End
Not long ago, the management of the forum narrated to
members blaming an outage on hard drive failure. It was said that the outage
cleared private messages, forum posts and even prestige points that have been
accumulating for months. The administrator went ahead to confidently state that
a backup restoration going back to the beginning of the year was done. Unknown
to the handlers of OGusers, that outage was simultaneous with hackers gaining
access to its database and clearing the hard drivers. It was not a hard drive
failure but a well-orchestrated attack.
The Dramatic Leakage
In the middle of May, administrator of competing
hacking group RaidForums
dramatically declared that he had uploaded the database of OGusers. He even
went ahead to state that anyone who wanted to download it should go ahead and
do so without any fee. In the announcement, the RaidForums admin stated that
the attack was actually launched on the 12th of May, 2019 and details
of specifically 112,988 users were affected.
The database breach was uploaded alongside the website
source files. The poster also expressed surprise that the hashing algorithm was
salted MD5. The details of the compromised data included email addresses,
internet protocol addresses, website activities, passwords (salted MD5), source
code, website data, and private user message. But one of the interesting discoveries
is that many of the nicknames are probably going to be the same people using
The release of the database triggered a lot of confusion and shock for numerous members of the community. This is because the forum itself was notorious for acting as a magnet for those into the hijacking of phone numbers of others. They then use these stolen data to overtake the social media, bank accounts, email and other records of the victims. They then go ahead to sell these details to others on the forum for considerably hefty amounts.
Reactions and Consequences
Other posts on OGusers swiftly gained traction from
worried users who feared such exposure of their details. Some started raising
alarms that they were already getting phishing emails that locked onto their
OGusers and email accounts. On the other hand, the official chat channel used
by OGusers on Discord was overwhelmed with complaints and statements of shock
over the hack. Users expressed fury at the primary forum admin who goes by the
alias ‘Ace.’ They accused him of modifying the system of the forum after the
hack in such a way that they were unable to delete their accounts following the
One of the users on the Discord chat directly attacked
Ace saying he did not replace the broken hard drives, thus leading the platform
to time warp back for four months. Ace was also accused of not securing the
website leading to the leakage of user information and also disabling self-ban
feature, which meant that people could not leave the forum.
Well, for some, it is an attack well served, and there are several reasons put forward for such justification. Some felt that for a forum that was dedicated to attacking others, getting a good dose of its own treatment sounds really good. Another reason put forward is that now the authorities tackled with fighting SIM swappers will now be able to nab even a lot more.
Now that the database is out in the open, a lot more
crooks will be arrested and charged to court. At the moment, it is not clear
how OGusers will cope or even fully react to this leak. It is also not clear
how Raid Forums will greet the news of the ‘downfall’ of its rival platform.
But whatever the case, it is a very dramatic and really interesting event from
the shadowy world of hackers.