https://arstechnica.com/information-technology/2019/08/hacker-sites-incriminating-database-published-online-by-rival-group/
By Dan Goodin
Ars Technica
8/13/2019
Hackers from Raidforums recently breached the site of rival hacking forum
Cracked.to and spilled data for more than 321,000 of its members. The hackers
did so while some of their victims were discussing cracking Fortnite accounts,
selling software exploits, and engaging in other potentially illegal
activities.
In all, the dump posted on Friday to Raidforums.com exposed 749,161 unique
email addresses, breach-notification service HaveIBeenPwned reported. The
published data also included users' IP addresses, usernames, private messages,
and passwords stored as bcrypt hashes. The database was generated by website
forum application myBB. Cracked.to describes itself as a forum that provides
"cracking tutorials, tools, combolists, marketplace and many more stuff!"
Raidforums, meanwhile, offers forums on many of the same topics.
Ars reviewed a 2.11 gigabyte file published by Raidforums and found it
contained nearly 397,000 private messages, many that aired the kinds of details
most hackers strenuously avoid disclosing. The details included the usernames,
email addresses, and IP addresses of people seeking to buy, sell, or support
software or services for cracking accounts for popular video game Fortnite.
"Freshly cracked Fortnite accounts with skins captured," reads the subject of
one message. "How to change email on cracked Fortnite accounts," the subject of
another says. Other users advertise services for exploiting CVE-2019-20250, a
critical vulnerability in the WinRAR file-compression program, which was being
actively exploited earlier this year to install a host of nasty malware on
vulnerable computers.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
