Russian cybercrime forum Maza reported a breach with hackers exposing users’ personal details and forum credentials to reveal true identities.
It’s a platform notorious for connecting hackers, fraudsters, and extorters in accessing ransomware-as-a-service tools and stealing money from other people. This is an online forum that hackers get advice in order to help improve their crimes.
What’s ironic is, the member credentials and information are out in the open, believing that the authorities and researchers can track down their whereabouts. The breach happened on March 3, where a host of information was leaked in both hashed and obfuscated forms.
Experts say that the type of information exposed includes user IDs, usernames, email addresses, passwords, and full names. These are all encrypted in a 35-page PDF file on the dark web, containing 3,000 rows of user information.
ICQ numbers were also exposed, which according to experts, can connect to multiple accounts to the same user across a myriad of forums with different nicknames. In short, these pieces of data can be used to reveal the true identities of extorters and threat actors, leading the authorities to take action.
“The unknown attackers compromised the forum and posted a warning message that reads, Your data has been leaked, and This forum has been hacked, to members of the forum. It is unclear if this automated translation indicates a non-Russian speaking actor responsible,” said Flashpoint.
While there’s no update yet about the threat actors who exposed the Maza credentials, it’s clear that somebody is doing a misdirection technique. Some experts claim that the hackers may be part of the law enforcement agency, but this is still a theory.
Operation Against Maza
There were attempts to enter the Maza sphere, and law enforcement has had a successful entry in the past. It’s possible that the increase in the criminal activity on the cyber web gave the green light for the authorities to take action and conduct the operation against Maza.
“Threats to Maza users are that their contact details are now exposed. This will enable investigators to initiate or further any investigations targeting their illicit activity, and removes a layer of anonymity that these forums have traditionally afforded,” said Information Security Media Group president Thomas Hofmann.
Maza has been around since 2009, considered a prestigious hacking forum. It fosters fraud topics like malware, a place where buying and selling of stolen credit card details are available.