OGUsers, one of the most popular hacking forums on the internet, today revealed a violation, the second since 2019.
"It seems that someone was able to breach the server through a shell that he put in the avatar that he uploaded to the forum software. That's how he got access to our current database, "said Ace, the forum administrator.
The attacker is believed to have stolen information from 200.000 users of the forum.
The briefing was detected by the data breach monitoring service.
Before the forum went offline, administrators said they would be resetting passwords and urged all users to turn on authentication two (2FA) factors on their accounts, so that the data obtained is not used for account hijacking.
The site served as a venue educationand meeting place for hackers who tried to organize SIM card attacks (SIM jacking).
The previous breach took place in May 2019, when a hacker again breached the OGUsers servers, and stole details from 113.000 users of the forum at the time. The attack did not stop there, however, as the hacker deleted the server's hard drives and later posted the stolen data to an adversary hacking forum.