Social Engineered hacked, user data leaked, dumped on rival site

News by Teri Robinson

The information dumped from 89,392 compromised accounts included usernames, private messages, IP addresses and passwords

User data from Social Engineered, which bills itself as a forum for the "Art of Human Hacking", was leaked in mid-June and posted on a rival site.

"Mybb had a vulnerability yet again and the site got breached along other websites using Mybb," Social Engineered founder, Snow101, confirmed in a blog post. "We moved over to xenforo i suggest changing your passwords immideately [sp]."

The information dumped from 89,392 compromised accounts included usernames, private messages, IP addresses and passwords, which were stored as salted MD5 hashes, according to a Have I Been Pwned blog post.

"MD5 is not a secure algorithm for hashing passwords. It has well-known flaws and is generally understood to be insufficient for protecting sensitive data of any kind," said Tim Erlin, vice president of product management and strategy at Tripwire, who pointed out that information from such compromises is often used in social engineering schemes like phishing. "If you were going to choose a user base that’s especially difficult to target with phishing and other social engineering based attacks, this would certainly be near the top of the list."

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop