Underground darknet forums enable cybercriminals to trade and exchange hacking tools and stolen data. However, sometimes they can also be the targets of cyberattacks from their community. In what could be called a surprising hacking incident, hackers turned against their peers after leaking users’ sensitive data. They compromised the Maza cybercriminal forum.
Security researchers from Flashpoint stated that they found a security breach on Maza, which has been active since 2003. The attackers also posted a warning message saying, “Your data has been leaked / This forum has been hacked.”
Also known as Mazafaka earlier, the hacking forum is a closed and restricted platform for Russian-speaking threat actors. The threat actors on this forum are involved in various criminal activities like carding stolen financial data and payment card information, exchanging techniques on malware distribution, vulnerability exploits, spam, money laundering, and more.
Flashpoint stated that over 2,000 accounts and sensitive information like user IDs, usernames, email addresses, messenger app links — including Skype, MSN, and Aim — and passwords, both hashed and obfuscated — were exposed in the incident.
“Flashpoint is actively monitoring cybercriminal discussions of Maza across the entire cybercriminal forum ecosystem commenting on the recent disruptions to many elite services and communities. Users on the Exploit forum are discussing moving away from using emails to register on forums as recent disruption efforts may have increased exposure of their online activities. Others are claiming that the database leaked by the attackers is either old or incomplete,” Flashpoint said.
Tasting One’s Own Medicine
This is not the first time cybercriminals targeted their fellow operators. Earlier, researchers discovered database leaks of three hacking forums – Sinful Site, SUXX.TO, and Nulled. These databases have been exposing hackers’ personal information since the beginning of May 2020. Hacking forums are the places of aggregation for cybercriminals to participate in general discussions with other hackers to share and sell data leaks, hacking tools, malware, and tutorials, etc. They can easily buy and own malware and ransomware via such forums and dark web market networks.