Social engineering forum hacked, data shared on leaked sites
A forum dedicated to social engineering topics was hacked about two weeks ago and the data of tens of thousands of members was leaked online on the day of the hack.
A message from the owner of SocialEngineered.net announced Thursday that the forum had been hacked via a vulnerability in the MyBB forum software.
The last major vulnerability of MyBB was publicly disclosed on June 11 with the technical details. Successful exploitation of the bug – a stored cross-site (XSS) script and file write, leads to remote code execution and full support for the target site.
Although MyBB pushed a patched version a day before, websites are generally slow to install security patches, giving attackers a window of opportunity to search the web for targets and hack them.
Data shared on crack forums
Data from SocialEngineered.net was uploaded to a hacker forum on June 13. The individual who leaked the information said he had “downloaded the entire database and root directory for this website.”
The dump affects 55,121 social engineering forum users and includes their usernames, passwords stored as salted MD5 hashes, email addresses, IP addresses, and private messages.
It looks like the hacker may have gotten much more than that, as the rival forum post said the leak also contained the source code, data, and website activity.
The HaveIBeenPwned violation notification platform added the new database to its collection and informed on Sunday that it included 89,000 unique email addresses from 55,000 forum users, confirming the initial details.
On Friday, the same database was uploaded to another hacker forum where several members shared positive reactions to its availability.
As a result of the hack, SocialEngineered switched to the XenForo forum platform to avoid a similar incident in the future. The owner has requested immediate change of login passwords from members.
As details of new vulnerabilities emerge, hackers quickly take advantage and start looking for potential targets. This incident is a clear example of how quickly attackers can strike, as the threat actor only needed two days to compromise a website and publish details obtained in this way.