fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fourth Time’s A Charm – OGUsers Hacking Forum Hacked Again

Fourth Time’s A Charm – OGUsers Hacking Forum Hacked Again

Popular hacking forum OGUsers has been hacked for its fourth time in two years, with hackers now selling the site’s database containing user records and private messages.

OGUsers is a hacking forum known for the sale of stolen social media accounts hacked through SIM-swapping attacks, credential stuffing attacks, and other means. 

More recently, OGUsers members were charged by the US Department of Justice for their role in a string of successful hacks on verified Twitter accounts used to promote a cryptocurrency scam.

OGUsers hacked earlier this month

Last week, cyberintelligence firm KELA tweeted that the OGUsers forum administrator confirmed that the site was hacked after hackers uploaded a web shell to their server.

OGUsers admin announcing April 2021 hack
OGUsers admin announcing April 2021 hack
Source: KeLA

At the time, the OGUsers admin was unsure if the database was compromised, but soon after, members on a competing hacking forum began selling the stolen OGUsers database for $3,000.

Forum post selling the OGUsers database
Forum post selling the OGUsers database

Also Read: Advisory Guidelines on Key Concepts in the PDPA: 23 Chapters

A source familiar with the attack has told BleepingComputer that OGusers was hacked on April 11th, 2021, and that the attackers gained access to a complete dump of the forum database. This dump includes the user records and private messages for approximately 350,000 OGUsers members.

BleepingComputer was told by this source that OGUsers uses many plugins that contain vulnerabilities that attackers can chain together to “shell the site.”

Vitali Kremez, CEO of cybersecurity intelligence firm Advanced Intel, told us that database leaks on criminal forums could benefit law enforcement and security researchers.

“This purported OGUsers leak can potentially expose cybercriminals via their registration email accounts and IP addresses and link back to their real identities.”

“Previous OGUsers leaks revealed critical clues that helped unmask cybercriminal operations especially those that are related to cryptocurrency account takeover fraud and SIM swapping operations,” Kremez told BleepingComputer.

Multiple hacks in the past

This is not the first time OGUsers has been hacked and their databases sold by other hackers.

In May 2019, the OGUsers admin informed its users that they were hacked after hackers exploited a custom plugin. Brian Krebs reported that OGUsers was again hacked in November 2020.

Finally, they were also hacked in April 2020 after an attacker uploaded a web shell via the avatar upload forum feature.

Announcement for the April 2020 hack
Announcement for the April 2020 hack
Source: KeLA

Also Read: A Look at the Risk Assessment Form Singapore Government Requires

“We believe that we will likely be seeing many OGUsers members shifting to other communities – and maybe even establishing new ones – given both the poor operational security and the damage to the OG brand among fraudsters and other criminal actors,”  Davidi Carmiel, KELA’s CTO, shared with BleepingComputer.

When we asked our source in the hacker community whether they felt OGUsers would be hacked again, they responded immediately with, “Yes.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us