A forum where hackers and cybercriminals trade stolen Instagram and Twitter accounts was apparently hacked.
The administrator of the forum, which is called OGUSERS, announced it in a post on the forum itself on Thursday.
“More unfortunate news,” the administrator, who goes by Ace, wrote. “It appears someone was able to breach the server through a custom plugin in the forum software and get access to an old backup dating December 26, 2018.”
Motherboard obtained a copy of the database and verified that the data within it was real by searching for two accounts that our reporters registered.
OGUSERS, also known as OGU among its members, is a forum ostensibly launched to trade “OG” usernames, as in: unique, short, and rare usernames. In addition to social media accounts, OGUSERS also traded in PlayStation Network, Steam, Domino’s Pizza, and other online accounts. The forum became a hotbed for hackers who specialized in breaking into other people’s accounts, taking control of them, and then selling them to the highest bidder, as a Motherboard investigation revealed last year.
Several members of OGUSERS used a technique called SIM swapping to hijack people’s phone numbers. Once in control of their phone number, they’d use that to reset passwords on the target’s Instagram, for example, and then sell the username on the forum.
“OGUsers has been online close to 3 years now and this is the first time any breach has occurred. I do understand everyone's frustration and I am deeply sorry this has all happened recently. You must realize other sites such as Twitter, Facebook, Dropbox, Forums you have used in the past, and many more have been breached at least once. People are targeting the site 365 days a year,” Ace wrote. “Again, I am deeply sorry this occurred and I will do my best to make sure it never happens again.”
Ace did not respond to a message asking for comment.
Another hacker, who goes by Omnipotent, announced the hack on another forum called Raidforums.
The hacked data includes OGUSERS usernames, passwords hashed with the MD5 algorithm, emails, IP addresses, source code, website data, and private messages.
“It's like a nuke dropped on the site,” an OGUSERS member told Motherboard, explaining that people are quitting the site, worried that authorities have their data, or that others will now hack their accounts. “Some people only used OGU pms as their only contact, so if you were to look into it or an FBI agent there is a lot to find.”
“OGU is currently fucked,” the member said in an online chat. “One more thing and it's dead. One more blow.”