In what appears to be a case of rivalry among hacking groups, a well-known hijacking forum ‘OGusers’ has been hacked, and the membership database subsequently leaked on a rival forum.
According to security researcher Brian Krebs, the leaked database "appears to hold the usernames, email addresses, hashed passwords, private messages and IP address at the time of registration for approximately 113,000 users (although many of these nicknames are likely the same people using different aliases)."
According to Krebs, the incident began with the administrator of OGusers explaining to forum members that a 12 May site outage was a simple hardware failure, and that the forum’s data (including private messages) had been restored successfully from a much earlier backup from January. However, just days later, on 16 May, the administrator of rival hacking community RaidForums posted the entire OGusers database with the following message:
"On the 12th of May 2019 the forum ogusers.com was breached [and] 112,988 users were affected." The post by RaidForums administrator Omnipotent adds, "I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth. According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao."
Unsurprisingly, users of the ‘OGusers’ forum were immediately concerned. The forum specialised in SIM cloning and swapping, often used in bank fraud, where the cloned SIM is used to seize control of a victim’s phone and intercept reset codes from their bank. In a twist of no small irony, forum members were reporting phishing attacks almost immediately.
Nathan H. Lex (@HydrogenNGU), May 17, 2019: "OGUSERS (OGU) got their database hacked. It compromised Private Messages from every user before 2018. If authority gets a hold of it, any user that was affiliated with black hat activities will be tracked down in a heartbeat."
However, as Twitter users were quick to point out, the value of the private messages to law enforcement should be considerable. As Krebs summarised: "It’s difficult not to admit feeling a bit of schadenfreude in response to this event. Law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved."