We’ve all heard of hackers infiltrating the systems of unsuspecting victims such as organizations and businesses and exposing massive amounts of data in the process, but hackers hacking other hackers is an entirely different story.
That story has already been written: a group of hackers from the rival hacking forum Raidforums breached the MyBB forum of its nemesis, Cracked.to, exposing hundreds of thousands of sensitive records belonging to the latter’s members and users.
Reports reveal that the breach happened while Cracked.to members were using the forum to discuss different ways to attack and break into Fortnite accounts, sell software exploits, and engage in other potentially illegal activities.
All in all, the dump posted on Friday to Raidforums.com included more than 749,161 email addresses of users of the rival hacking forum, according to the disclosure post on Have I Been Pwned. Other data exposed by the Raidforums hackers included IP addresses, usernames, private messages, and passwords stored as bcrypt hashes.
Cracked.to describes itself as a forum that provides “cracking tutorials, tools, combolists, the marketplace, and much more stuff!” Raidforums claims to offer similar services, which essentially makes the two forums competitors in terms of marketing and audience.
“In July 2019, the hacking website Cracked.to suffered a data breach. There were 749k unique email addresses spread across 321k forum users and other tables in the database. A rival hacking website claimed responsibility for breaching the MyBB based forum which disclosed email and IP addresses, usernames, private messages and passwords stored as bcrypt hashes,” read the HIBP data breach notification on the incident.
Another cybersecurity website, Ars Technica, reviewed the public disclosure message that Raidforums posted on its website and found that a 2.11-gigabyte file had been published containing nearly 397,000 private messages. Because hacking sites are almost anonymous, given the nature of the discussions that take place on them, the wealth of information exposed by the Raidforums hackers includes the kind of messages that hackers would protect and would not otherwise disclose.
There is also incriminating information in the breach: usernames, passwords, IP addresses and private messages of people looking to buy, sell, or develop support software that could crack accounts of the popular video game Fortnite, which is in fact illegal.
“Freshly cracked Fortnite accounts with skins captured,” reads the subject of one message. “How to change the email on cracked Fortnite accounts,” the subject of another says. Following analysis of the exposed information, investigators found that Cracked.to users were advertising services for exploiting CVE-2019-20250, a critical vulnerability in the WinRAR file-compression program. This vulnerability was known to be widely exploited in recent months to smuggle malicious software onto a victim’s computer.
As the users of Cracked.to are hackers with a strong knowledge of internet security and of how to anonymize themselves, Ars Technica said it is highly likely that the affected users masked their IP addresses using Tor and protected their emails and passwords with other anonymization techniques, just as a good hacker would. However, the breach still poses a huge risk, as a single mistake could lead the police or other hackers to some of the users who may have done something illegal.
A top administrator at Cracked.to, meanwhile, claimed in July that “an old person of my trust has forum backups that contain the database and folder files.” Before that, the same site admin said that the forum had already converted from the very weak default MyBB password-hashing scheme to something much stronger. Nonetheless, after the breach, all users are advised to change their passwords and to employ stronger anonymization in the future if they wish to continue using the forum for hackers.
“With no doubt, private messages being leaked in plaintext is the worst thing about the whole database breach,” a Cracked.to administrator, who uses the handle floraiN, said in an interview. “However, as a forum owner, you can’t really control what people are dealing with in DMs unless you look them up directly in the database.”