One of the oldest cybercrime forums Maza (aka Maza Faka) has been reportedly hacked this week, with its user information dumped online.
Maza is an exclusive carding and fraud discussion forum for Russian-speaking cybercriminals, which has been around for more than a decade.
According to Intel 471, the incident took place on March 3, 2021, with forum visitors are now being redirected to a breach announcement page along with a PDF file allegedly containing some of forum user data.
“The file comprised more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details,” Intel 471 noted. “Initial analysis of the leaked data pointed to its probable authenticity, as at least a portion of the leaked user records correlated with our own data holdings.”
According to Flashpoint researchers who also analyzed the data dump, the leaked info includes Crt_filename, Crt_pass, as well as Aim, Yahoo, Msn, Skype, and ICQ numbers for some users.
The news of the Maza forum hack comes just weeks after well-known Russian-language crime forum Verified was compromised. On January 20, the administrator of Verified revealed that the community’s domain registrar was hacked and that the site’s domain was hijacked by attackers. Shortly after the breach, a database was offered for sale on another popular forum, Raid Forums, allegedly containing information on all Verified registered users and their private messages, hashed passwords, posts and threads. The seller was asking US $100,000 for the entire database.
Crdclub is reportedly another crime forum that had been hit this year. In February, the Crdclub admin disclosed a cyberattack which led to the compromise of the administrator’s account.
“By doing so, the actor behind the attack was able to lure forum customers to use a money transfer service that was allegedly vouched for by the forum’s admins. That was a lie, and resulted in an unknown amount of money being diverted from the forum. The forum’s admins promised to reimburse those who were defrauded. No other information looked to be compromised in the attack,” Intel 471 said.
The Exploit cybercrime forum also suffered a data breach this week after hackers compromised one of its proxy servers used for protection from denial-of-service (DDoS) attacks.
Flashpoint says that users on the Exploit forum are discussing moving away from using emails to register on forums as recent disruption efforts may have increased exposure of their online activities, while others are claiming that the database leaked by the attackers is either old or incomplete.