Social Engineered Forum Data Breach Compromises 55,000 Members
CYBER NEWS

Social Engineered Forum Data Breach Compromises 55,000 Members

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Social Engineered, a platform which promotes “the art of human hacking” has been hacked. As a result, its users’ data was leaked on a competitor’s website.

89,000 unique email addresses linked to 55,000 members of the platform were compromised, as well as usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. The data breach took place on June 13.

According to the Have I Been Pwned website, “the breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database”.




What was the reason for Social Engineered’s Data Breach?

Snow101, the owner of Social Engineered, shared in a forum post that a vulnerability in MyBB is the reason for the data breach. “Mybb had a vulnerability yet again and the site got breached along other websites using Mybb. We moved over to xenforo i suggest changing your passwords immideately,” he wrote.

MyBB is an open-source, free software project that used for creating and maintaining forums. It appears that the flaw may be a recently disclosed critical stored cross-site scripting bug located in MyBB’s private messaging and post modules. In case of exploit, the vulnerability could allow attackers to obtain full access to an account. The good news is that the flaw was addressed in MyBB version 1.8.21, which was released on June 10.

Related: 8.4TB of Email Metadata Exposed by ElasticSearch Database

To prevent another incident, Social Engineered has been moved to the XenForo platform. The forum owner has asked members of the forum to make donations so that SocialEngineered transforms into a commercial forum.

In Q1 2019 alone,

a total of 1903 publicly disclosed data breaches have been registered, as disclosed by Data Breach QuickView Report conducted by Risk Based Security. The data breaches exposed more than 1.9 billion records only in the first quarter of 2019.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...