18
May 19

Account Hijacking Forum OGusers Hacked

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum posts and prestige points, and that he’d restored a backup from January 2019. Little did the administrators of OGusers know at the time, but that May 12 incident coincided with the theft of the forum’s user database, and the wiping of forum hard drives.

On May 16, the administrator of rival hacking community RaidForums announced he’d uploaded the OGusers database for anyone to download for free.

The administrator of the hacking community Raidforums on May 16 posted the database of passwords, email addresses, IP addresses and private messages of more than 113,000 users of Ogusers[.]com.

“On the 12th of May 2019 the forum ogusers.com was breached [and] 112,988 users were affected,” the message from RaidForums administrator Omnipotent reads. “I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth. According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao.”

The database, a copy of which was obtained by KrebsOnSecurity, appears to hold the usernames, email addresses, hashed passwords, private messages and IP address at the time of registration for approximately 113,000 users (although many of these nicknames are likely the same people using different aliases).

The publication of the OGuser database has caused much consternation and drama for many in the community, which has become infamous for attracting people involved in hijacking phone numbers as a method of taking over the victim’s social media, email and financial accounts, and then reselling that access for hundreds or thousands of dollars to others on the forum.

Several threads on OGusers quickly were filled with responses from anxious users concerned about being exposed by the breach. Some complained they were already receiving phishing emails targeting their OGusers accounts and email addresses. 

Meanwhile, the official Discord chat channel for OGusers has been flooded with complaints and expressions of disbelief at the hack. Members vented their anger at the main forum administrator, who uses the nickname “Ace,” claiming he altered the forum functionality after the hack to prevent users from removing their accounts. One user on the Discord chat summed it up:

“Ace be like:

-not replace broken hard drives, causing the site to time warp back four months
– not secure website, causing user info to be leaked
– disable selfban so people can’t leave”

It’s difficult not to admit feeling a bit of schadenfreude in response to this event. It’s gratifying to see such a comeuppance for a community that has largely specialized in hacking others. Also, federal and state law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved.

Tags: , , , ,

72 comments

  1. Wow, it’s nice for once to read an article where hackers/malware groups might be feasting on one another.

    Be nice to see more of this, or at least encourage it.

    • Yeah, this is kind of like the crack wars of the 90’s. As long as they only take each other out…who cares?

      • Ugg… lots of collateral damage and dead innocents from inaccurate drive by shootings during those drug wars of the 90’s.

        Luckily, this is cyber war. Very different in that regard.

    • Check below, they are already fighting right here on these comments, lmao

  2. Chester Copperpot

    What goes around comes around, eh?

  3. Chester Copperpot

    Or is it more..”There’s no honor among thieves.”

  4. You have to ask yourself, “who had something to gain by hacking OGusers?”. How long before RaidForums gets hacked in a revenge hit? Maybe it’s a start of a new era where competing badhats and cyber gangs try to knock each other off Cyber style rather than military style. (-;

    • Yeah it’s possible but unlikely the RaidForums website has been alive and well for 4 – 5 years and they have leaked multiple databases and attacked multiple sites. The thing is that their owner is well versed and therefore it’s very unlikely for his site to get breached.

      • Incorrect.

        As a member of OGU and RF, RF is really badly protected and has been getting attacked by members of OGU for days now according to rumor. DDoS, DB Cracks, among other methods. Be aware for more articles soon.

        • You have no idea what you’re talking about, or at least you sound like you don’t.
          You mentioned DDoS although RaidForums has been online ever since the OGU breach? There has been 0 downtime.
          You mentioned DB Crack? I have no clue what that even means if I’m honest lol but just made you sound retarded as hell.

        • RF is going to fucked, Omni is going to get simmed and ran like a track mark my words. RIP RaidForums, the forums full of skidiots.

          • Awww, someone’s pretty butthurt, eh? Anish, it’s been quite a laugh seeing the emails that you’ve been sending. Please keep it up, it’s been an absolute pleasure watching you and the rest of the schmucks meltdown.

  5. The Sunshine State

    “Not replace broken hard drives, causing the site to time warp back four months”

    Be like “Teenage boys , that are script kiddies “

  6. I bet several FBI infosec people will be missing the GoT finale as they spend the weekend trawling through this. And forum members within the FBIs reach can expect a knock on the door over the next few weeks.

    • That would be sweet.

    • The vast majority of those users don’t commit crimes to warrant FBI investigations. The rest are out of the jurisdiction of the FBI.

      • That’s not true.

        Investigations don’t work that way.
        Prosecutors and investigators LOVE low hanging fruit like this. They use them to threaten jail time, even for small offenses, in the hope that they’ll turn.

        99% of the big arrests, start off with a small fish who have turned informant.

      • Also, regarding jurisdiction…

        I know these criminals need to have some kind of peace of mind to do what they do… but it is a total MYTH, that FBI doesn’t have jurisdiction.
        It’s like people who think they can out run the cops as long as they cross state lines.

        The FBI cares about where the crime is committed and not so much where the perpetrator lives. At most, they just need to involve those local law enforcement official to handle operations. But most countries, with a few notable exceptions, are willing and able to cooperate.

        Even if in a non-extradition country that would not cooperate… the US can still indict non-US personnel and track down any US assets to freeze.

        • They got assange, yet these fools think they’re safe. They’d have to live in a handful of countries already, or have viable means of getting to those places fast to prevent Uncle Sam getting you. If they have a use for you, they will find you. It might not be FBI that shows up at your door at 2 AM, but someone who’s received some pressure certainly will. Just don’t get shot.

      • tell that to all the sim swappers that just got nailed in places like Moldova

        • Name required

          Moldova extradites its citizens. Russia, Brazil, Ukraine and other countries don’t.

          • Times they are a changing. Some of those sim swappers were in Ukraine iirc, and they are being charged there after a joint op involving the FBI.

            • Times are not changing Ukraine always had a deal going with a lot of Europe and fall under pressure they are not a state enemy like china or russia. However that may also soon change if russia do manage to fully take Ukraine.

    • I don’t think a database obtained like this would be usable in court though, what if the database was modified in some way? There is no proof this is genuine, obviously it is, but I think they would only be able to use this database if they were the ones who got it themselves, and not some hacker on the internet.

      I might be wrong, just let me know what you guys think.

      • Well… contrary to television courtrooms…

        This kind of evidence isn’t used in court as a standalone “Exhibit A”.

        Rather, it is a jumping off point for investigations.
        It would not get admitted by itself, but show a chain of evidence that would be combined with a lot of other things. Everything is confirmed, corroborated and verified independently so there can be no question.

        People think they can get away with crime because they don’t understand how investigations are conducted, and believe the prosecution and judge are idiots who required to throw out evidence as soon as the defense says, “objection!”.

      • You are completely wrong. Read many of Brian’s past articles where he’s shown the real identity after investigation and researching that started with a SINGLE email mistake. Like people signing up on this OG forum on same email they use for facebook, or a domain registration.

        I bet you there’s more than one member who made a stupid mistake reusing same email or password for something else.

  7. Karma at work.

  8. Oh snap!

    Although I can hardly believe that those sleazebag SIM swappers weren’t using some sort of VPN to access that site.

    Also how could those websites still be around on a public web? I thought you needed Tor to access them.

  9. And this forum liked to block almost all proxies/vpn/datacentre ips, so you know this breach is going to be a huge dumpster fire for their users.

  10. Aw, poor hackers. Go cry to your mothers.

  11. Is the hacker sleeze’s details still available anywhere
    that a regular joe like me can see it?

    • Ace forced a password change, shortly after that he made it so that until passwords are changed, ur account can only be accessed from an IP that had been used on the account before, breach over

  12. Hey Kreb, we’d appreciate if you don’t post our Discord discriminators.

    • No one here care what anyone who is associated with OGlosers wants. Go back to your hole.

  13. Instagram@OGU

    This forum isn’t a place for “hacking and simswapping”. It is actually a forum to buy and sell usernames. There just happens to be people (NOT MANY) on the forum who may hack, or do blachhat things. And there are very minimal users who simswap.

    • That makes it all OK then.

    • Buying usernames for what purpose? Perhaps stealing their identity, breaking into their accounts and committing fraud? Its a criminal forum, what type of criminal forum seems pretty irrelevant to all but those trying to defend their criminal activity.

  14. Conspiratorialist

    Although contrary to Occam’s razor, that the OGusers forum administrator is less than competent, this hack could be a force multiplier used by LEOs to smoke out the black hats. Make the data available to competitor’s, etc. and profit from the chaos. LEOs will never be able to make a solid cast to prosecute all 112,988 users, but they can infuse FUD into these forums. Those that are low hanging fruit and more easily prosecuted in western countries can be flipped to bring down those further up food chain. These black hats should never be able to feel comfortable or know who to trust. It appears this is already happening.

    Fun stuff

  15. The forum owners could avoid the “time warp” by restoring the stolen database instead of the 3 month old backup

  16. I wonder if the users have any claims under breach notification laws? 🙂

  17. Glee…

  18. Hey Gothic@OGU – we’d appreciate if you don’t steal our identities, rob our bank accounts, and in general work to make the web a cesspool instead of the great thing it could be for everyone. Just sayin’.

  19. Damn, I just searched Google how to get a secure email then it take me a passage this forum and it tell me if I want to see it I need create a account and I did it some years ago, I nearly forget I have a account in this forum and I don’t know what the forum is and what it do but today I get a email that tell me my password has leaked…

  20. Just read this article ~ certainly started my day with laughter! Thank you!!!

  21. What Comes Around...

    Username: simswapgod
    Comment: “My username is just a joke”
    Me: Ha!
    FBI: HAHA!!!!
    Simswapgod: Awww.

  22. One can only hope that they start killing each other. It would be like the old parades when they tossed candy to the kids watching. Fingers crossed.

  23. I love seeing dirt bags get what they deserve. A bunch of thieves need to go out and get a job.

  24. I have to wonder the source of the hacking tools used against OGusers. I very much doubt that they were hacked with a well-known vulnerability or a low-level tool.

    My guess is that someone on OGusers attracted the attention of a state-sponsored hacking group. The state group got what they wanted out of the OGusers data and then threw the database over to RaidForums. That action will spread the data around and provide cover to the intelligence.

  25. Lol. Ace is just dumb af. He even knew there were persistent sql injections but just banned the guy so he fought back

    • OGUsers has been online nearly 3 years Like every site, it gets pounded by hackers every hour of every day. You actually think some kiddie’s SQL injection script cracked the site? Really? And you’re calling Ace dumb af?

      • Yeah, that’s how it usually goes.

        Getting “pounded by hackers every hour of every day” is the thing that is usually done by scripts. And usually they aren’t sophisticated attacks.

        So the admins get this false sense of security when their site is constantly surviving attack. They become complacent in their security posture, and then, one day, someone gets in.

  26. rip in the chat women

  27. Ummmm. Did ya think it is the FBI to cause mass exit and for all the world to see? Come on now…. every law enforcement and FBI wants these idiots to squeal on their Master. Bet that happens in 3 months tops!! Glad to see them go and bet a well known Corp is involved.

  28. isnt there a good chance many of those users are on both competing forums? If so, by dumping the OGusers DB for anyone to download, arent Raidforums putting their own users at risk? Seems like users might have reason to be angry at both sites admins.