Social Engineered, a platform which promotes “the art of human hacking”, has been hacked. As a result, its users’ data was leaked on a competitor’s website.
89,000 unique email addresses linked to 55,000 members of the platform were compromised, as well as usernames, IP addresses, private messages and passwords stored as salted MD5 hashes. The data breach took place on June 13.
According to the Have I Been Pwned website, “the breach of the XenForo forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database”.
What was the reason for Social Engineered’s Data Breach?
Snow101, the owner of Social Engineered, shared in a forum post that a vulnerability in MyBB is the reason for the data breach. “Mybb had a vulnerability yet again and the site got breached along other websites using Mybb. We moved over to xenforo I suggest changing your passwords immediately,” he wrote.
MyBB is a free, open-source software project that is used for creating and maintaining forums. It appears that the flaw may be a recently disclosed critical stored cross-site scripting bug located in MyBB’s private messaging and post modules. If exploited, the vulnerability could allow attackers to obtain full access to an account. The good news is that the flaw was addressed in MyBB version 1.8.21, which was released on June 10.
To prevent another incident, Social Engineered has been moved to the XenForo platform. The forum owner has asked members of the forum to make donations so that Social Engineered can become a commercial forum.
In Q1 2019 alone, a total of 1903 publicly disclosed data breaches were registered, according to the Data Breach QuickView Report conducted by Risk Based Security. These breaches exposed more than 1.9 billion records in the first quarter of 2019.