As a result of the cyber attack, the credentials of nearly 300,000 forum participants were compromised.
The Carding Mafia forum, which deals with the sale and purchase of stolen financial information and credit card information, has been hacked by hackers. According to Have I Been Pwned, a service for verifying compromised data, nearly 300,000 forum member accounts were compromised as a result of the attack.
The compromised information included email addresses, IP addresses, logins and password hashes of 297,744 users. At the time of writing, there were no data breach alerts on the Carding Mafia forum and its public Telegram channel.
Have I Been Pwned founder Troy Hunt has confirmed to Motherboard that the compromised database is legitimate. Hunt also found the email addresses of Mailinator users in the database. Hunt checked the compromised email addresses using the Forgot Password feature, and found that the data was recognized as valid. Typically, Mailinator email addresses are created for one purpose and are not reused. The fact that the addresses are contained in the data dump and are also confirmed by the forum suggests the legitimacy of the information.
Specialists of the publication also found on another hacker forum the data offered for free, allegedly stolen from Carding Mafia in January this year.
This is not the first time over the past month that hacker forums have been the target of hacks. Recall that in early March, the cybercriminal forum Maza (also known as Mazafaka) fell victim to a data leak, as a result of which the information of its users was compromised.
Attackers have stolen IDs, usernames, email addresses, links to instant messengers.
The cybercriminal forum Maza has been the victim of a data breach that compromised the information of its users. The leak was discovered by specialists of the Flashpoint company.
Maza, also known as Mazafaka, is a closed, highly restricted Russian-language forum that has been active since at least 2003. The community is associated with carding (buying and selling stolen financial information and credit card data). The main topics for discussion on the forum are exploits, malware, spam, money laundering, etc.
In particular, the attackers stole IDs, usernames, email addresses, links to instant messengers, including Skype, MSN and Aim. When discussing the hack, some users express their intention to find another forum, while others argue that the data in the leak is outdated and incomplete.
The cybercriminals who hacked the forum posted a message on it "This forum has been hacked. Your data has been leaked." By "missed" it was probably the word "abducted" that was meant.
Flashpoint experts do not know who is behind the hack. However, judging by the published message of the hackers, they used an online translator, and Russian is not their native language. It is also possible that hackers made mistakes deliberately in order to obfuscate the tracks.
In 2011, Maza was already subjected to a cyberattack. Back then, the hack was behind the rival DirectConnection forum, which then fell victim to a retaliatory cyberattack.
The largest carding forum in the Russian Federation has been hacked
MAZA.la, the largest private forum for communication between Russian cybercriminals, was hacked on February 18, as a result of which a database of 2,000 users and their correspondence were stolen.
The information fell into the hands of the most famous cybercrime and fraud prevention companies - RSA, Anti Money Laundering Alliance and IISFA.
Next was attacked the no less private forum Direct Connection, the administrator of which is a certain "k0pa", a native of the CyberLords Team group - the same team of which the scandalous hacker from Novosibirsk Yevgeny Anikin was a member.
The forums were accessed with several reputable sponsors, and user security was ensured by digital certificates and a built-in anti-phishing filter.
The project servers themselves were located in the Taiwan zone.
“The criminals have cunning schemes and high anonymity, so only like-minded people who share the legal side of the issue with law enforcement agencies can resist them,” said Joseph Blank, a spokesman for the RSA Anti-Fraud Command Center.
Among the participants of the MAZA.la forum were such sensational personalities as the 27-year-old cyber warrior Vladislav Horokhorin (BadB), captured by the FBI in France, and the famous spammer Pyotr Lavashov (Severa), who continues his criminal activities.
Until recently, the resource was also actively used by the still uncaught hacker Sergey Kozerev (zo0mer), in respect of whom the US NSA conducted a separate investigation to identify lines of distribution of credit card dumps, and 26-year-old credit card merchant Roman Khoda (My0).
“All of them, in one way or another, came under the gaze of international security agencies, which had been looking for fraudsters for years,” Europol expert Lars van Mulligen told Life News.
On the forum, the criminals discussed the emergence of new banking Trojans such as SpyEye, discussed issues of making fake documents, traded accounts of well-known online casinos and lottery agencies, and organized services to withdraw funds stolen from banks.
Thanks to the hacking of the forum, it may be possible to find the people behind the sensational scandal with Russian hackers detained in the United States last fall.
(c) securitylab.ru
The Carding Mafia forum, which deals with the sale and purchase of stolen financial information and credit card information, has been hacked by hackers. According to Have I Been Pwned, a service for verifying compromised data, nearly 300,000 forum member accounts were compromised as a result of the attack.
The compromised information included email addresses, IP addresses, logins and password hashes of 297,744 users. At the time of writing, there were no data breach alerts on the Carding Mafia forum and its public Telegram channel.
Have I Been Pwned founder Troy Hunt has confirmed to Motherboard that the compromised database is legitimate. Hunt also found the email addresses of Mailinator users in the database. Hunt checked the compromised email addresses using the Forgot Password feature, and found that the data was recognized as valid. Typically, Mailinator email addresses are created for one purpose and are not reused. The fact that the addresses are contained in the data dump and are also confirmed by the forum suggests the legitimacy of the information.
Specialists of the publication also found on another hacker forum the data offered for free, allegedly stolen from Carding Mafia in January this year.
This is not the first time over the past month that hacker forums have been the target of hacks. Recall that in early March, the cybercriminal forum Maza (also known as Mazafaka) fell victim to a data leak, as a result of which the information of its users was compromised.
Large Russian-language carding forum "Maza" has fallen victim to a data breach
Attackers have stolen IDs, usernames, email addresses, links to instant messengers.
The cybercriminal forum Maza has been the victim of a data breach that compromised the information of its users. The leak was discovered by specialists of the Flashpoint company.
Maza, also known as Mazafaka, is a closed, highly restricted Russian-language forum that has been active since at least 2003. The community is associated with carding (buying and selling stolen financial information and credit card data). The main topics for discussion on the forum are exploits, malware, spam, money laundering, etc.
In particular, the attackers stole IDs, usernames, email addresses, links to instant messengers, including Skype, MSN and Aim. When discussing the hack, some users express their intention to find another forum, while others argue that the data in the leak is outdated and incomplete.
The cybercriminals who hacked the forum posted a message on it "This forum has been hacked. Your data has been leaked." By "missed" it was probably the word "abducted" that was meant.
Flashpoint experts do not know who is behind the hack. However, judging by the published message of the hackers, they used an online translator, and Russian is not their native language. It is also possible that hackers made mistakes deliberately in order to obfuscate the tracks.
In 2011, Maza was already subjected to a cyberattack. Back then, the hack was behind the rival DirectConnection forum, which then fell victim to a retaliatory cyberattack.
The largest carding forum in the Russian Federation has been hacked
MAZA.la, the largest private forum for communication between Russian cybercriminals, was hacked on February 18, as a result of which a database of 2,000 users and their correspondence were stolen.
The information fell into the hands of the most famous cybercrime and fraud prevention companies - RSA, Anti Money Laundering Alliance and IISFA.
Next was attacked the no less private forum Direct Connection, the administrator of which is a certain "k0pa", a native of the CyberLords Team group - the same team of which the scandalous hacker from Novosibirsk Yevgeny Anikin was a member.
The forums were accessed with several reputable sponsors, and user security was ensured by digital certificates and a built-in anti-phishing filter.
The project servers themselves were located in the Taiwan zone.
“The criminals have cunning schemes and high anonymity, so only like-minded people who share the legal side of the issue with law enforcement agencies can resist them,” said Joseph Blank, a spokesman for the RSA Anti-Fraud Command Center.
Among the participants of the MAZA.la forum were such sensational personalities as the 27-year-old cyber warrior Vladislav Horokhorin (BadB), captured by the FBI in France, and the famous spammer Pyotr Lavashov (Severa), who continues his criminal activities.
Until recently, the resource was also actively used by the still uncaught hacker Sergey Kozerev (zo0mer), in respect of whom the US NSA conducted a separate investigation to identify lines of distribution of credit card dumps, and 26-year-old credit card merchant Roman Khoda (My0).
“All of them, in one way or another, came under the gaze of international security agencies, which had been looking for fraudsters for years,” Europol expert Lars van Mulligen told Life News.
On the forum, the criminals discussed the emergence of new banking Trojans such as SpyEye, discussed issues of making fake documents, traded accounts of well-known online casinos and lottery agencies, and organized services to withdraw funds stolen from banks.
Thanks to the hacking of the forum, it may be possible to find the people behind the sensational scandal with Russian hackers detained in the United States last fall.
(c) securitylab.ru
