Hacker Forums Hacked
The hack exposed information of thousands of forum members, including their user ID, username, email, password (hashed and obfuscated), certificate file names, certificate passwords and members contact information on Yahoo, MSN, Skype, and the audio to text conversion platform ICQ.
The data breach at Maza comes after another major Russian-language forum 'Verified' suffered a compromise in February 2021. Tens of thousands of private messages between Verified users, including deposit and withdrawal information about Bitcoin, were reportedly stolen in this breach.Another Russian hacker forum, 'Exploit', is also reportedl to have been hacked, with one forum member warning other users to be careful with registered emails across multiple forums.
The hack has left forum members worried that their data may be used by law enforcement agencies to discover their real identities.
In the case of Maza, somebody dumped a 35 page PDF file on the Dark Web containing usernames, redacted passwords and other details the personal information of forum members.Researcehrs from the leading threat intelligence form Flashpoint say the leaked Maza database is legitimate and that Maza forum visitors were being redirected to a breach announcement page.
According to the Krebs on Security website, only intelligence services or people who know where the servers have the required skill and capabilities to disrupt criminal forums to that extent and it would appear that someone is purposefully undermining these forums.
In February, Dutch police reportedly posted "friendly" messages on two hacking forums, saying that "hosting criminal infrastructure in the Netherlands is a lost cause". The police messages were posted after 'Operation Ladybird', in which law enforcement agencies across several countries join hands to disable Emotet, one of the most dangerous malware botnets, which has been deployed in a number of major criminal attacks on banks and other organisations.
As part of that investigation, the Dutch National Police discovered a database containing email IDs, usernames and passwords stolen by Emotet.
Maza was hacked once before in ten years ago when the data of more than 2,000 cyber criminal users, along with all of their forum correspondence was exposed
Brian Krebs: Flashpoint: Computing: BankInfoSecurity: ZDNet:
You Might Also Read: