Attackers Hacked OGUsers Hacking Forum Again

Recently, the media reported that attackers hacked OGUSERS (aka OGU), one of the most popular hacking forums on the Internet, again, for the second time in the last year. At that time, an unknown attacker stole the data of 200,000 users, according to the official user statistics shown on the forum.

As a result, OGUSERS was temporarily disabled and put into maintenance mode. Users were notified of a password reset and urged to turn on two-factor authentication for their accounts so that the stolen data could not be used to hack accounts.

Let me remind you that another OGUSERS hack occurred in May 2019. At that time, the attackers got into the server through a vulnerability in one of the custom plugins and gained access to a backup dated December 26, 2018. The site was then hacked again in November 2020.

OGUSERS started out as a website selling stolen accounts on a wide variety of platforms and services.

But while it all started with ‘interesting’ social media accounts (Twitter, Instagram) with unique or short usernames, it later developed into a full-fledged resource for the sale of any accounts, including user accounts of PlayStation Network, Steam, Domino’s Pizza, etc.

In addition, Motherboard reporters turned their attention to OGUSERS back in 2018, when they were preparing a series of articles on the increasing cases of SIM card fraud. Such attacks, in which someone else’s phone number is hijacked, are used to steal accounts on social networks, steal large amounts of cryptocurrency, and so on. OGUSERS is one of the largest trading platforms where accounts stolen under such circumstances were sold.

As the information security company KELA now reports, the administrator of the OGUsers forum said that the site was hacked again, as unknown persons uploaded a web shell to the server. At first, the site administration doubted that the database was damaged, but soon a rival hacking forum began selling the stolen OGUsers database for $3,000.

Bleeping Computer, citing its own sources, writes that OGUsers was hacked on April 11, 2021, and the attackers had full access to the database dump. The database included records of approximately 350,000 users and private messages.

A source told the publication that OGUsers uses a variety of plug-ins that contain vulnerabilities that attackers can chain together to install a web shell.

Vitaly Kremez, head of Advanced Intel, says that such leaks from criminal forums may be beneficial to law enforcement and information security researchers:

This OGUsers leak could potentially help identify cybercriminals via email and IP addresses and then link this information to their real identities. Previous OGUsers leaks contained important clues that helped uncover cybercriminal operations, especially related to fraud and hijacking of cryptocurrency accounts, as well as operations to swap SIM cards.

Let me remind you that I talked about the fact that the Netherlands police posted warnings on hacker forums.

By Vladimir Krasnogolovy
