SocialEngineered.net, the forum dedicated to social engineering topics, announced it has suffered a data breach two weeks ago.
Hackers accessed data from tens of thousands of members and leaked them online on a hacker forum.
The hackers exploited a vulnerability in the MyBB forum to access forum data.
“Mybb had a
Owner of the SocialEngineered forum decided to move to the XenForo forum platform after the incident. The administrator urges members of changing their login passwords.
In June, experts at RIPS Tech discovered security flaws (a stored cross-site scripting (XSS) and file write issue) in MyBB prior to version 1.8.21 that could allow attackers to take over any board hosted by sending a malicious private message to an administrator or by creating a malicious post.
MyBB has already released a patched version, but evidently, administrators are slow in updating their websites.
On June 13, the attacker leaked data on a hacker forum claiming that he had “uploaded the full database and root directory of this website.”
The dump includes data of 55,121 forum users, compromised info includes usernames, passwords stored as salted MD5 hashes, email addresses, IP addresses, and private messages.
A post published on a rival forum also revealed that the dump includes the source code of the website, along with data and logs.
The HaveIBeenPwned websites added the leaked data to its system, data set includes 89,000 unique email addresses from 55,000 forum users.
“In June 2019, the “Art of Human Hacking” site Social Engineered suffered a data breach. The breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database. The exposed data also included
“Breach date: 13 June 2019
Date added to HIBP: 23 June 2019
Compromised accounts: 89,392
Compromised data: Email addresses, IP addresses, Passwords, Private messages, Usernames”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.