SocialEngineered forum hacked and data leaked online

Pierluigi Paganini June 25, 2019 is a forum dedicated to social engineering discussions, it has been compromised data of its users was leaked on a hacker forum., the forum dedicated to social engineering topics, announced it has suffered a data breach two weeks ago.

Hackers accessed data from tens of thousands of members and leaked them online on a hacker forum.

The hackers exploited a vulnerability in the MyBB forum to access forum data.

“Mybb had a vulnerability yet again and the site got breached along other websites using Mybb . We moved over to xenforo i suggest changing your passwords immideately.” said owner of forum.

Owner of the SocialEngineered forum decided to move to the XenForo forum platform after the incident. The administrator urges members of changing their login passwords.

In June, experts at RIPS Tech discovered security flaws (a stored cross-site scripting (XSS) and file write issue) in MyBB prior to version 1.8.21 that could allow attackers to take over any board hosted by sending a malicious private message to an administrator or by creating a malicious post.

MyBB has already released a patched version, but evidently, administrators are slow in updating their websites.

On June 13, the attacker leaked data on a hacker forum claiming that he had “uploaded the full database and root directory of this website.”

SocialEngineered forum leak post

The dump includes data of 55,121 forum users, compromised info includes usernames, passwords stored as salted MD5 hashes, email addresses, IP addresses, and private messages.

A post published on a rival forum also revealed that the dump includes the source code of the website, along with data and logs.

The HaveIBeenPwned websites added the leaked data to its system, data set includes 89,000 unique email addresses from 55,000 forum users.

“In June 2019, the “Art of Human Hacking” site Social Engineered suffered a data breach. The breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.” states HaveIBeenPwned.

Breach date: 13 June 2019
Date added to HIBP: 23 June 2019
Compromised accounts: 89,392
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SocialEngineered forum, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment