Social Engineering Forum Suffers Major Breach

An online forum focused on discussion of all things social engineering has been breached, with the details of tens of thousands of account holders compromised. Social Engineered administrator “Snow101” explained to users in a post late last week that the hackers exploited a vulnerability in open source forum software MyBB. The admin claimed they had been forced to move the platform over to XenForo, asking users to chip in to help pay for the migration. The breach itself happened on June 13, 2019 and compromised 89,392 accounts, according to information on HaveIBeenPwned. It claimed the details were published on a rival hacking forum, and included around 89,000 unique email addresses linked to 55,000 users and other tables in the same database. “The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes,” it added. Tripwire vice president, Tim Erlin, warned that, ironically enough, email addresses are often used in follow-on phishing raids and other social engineering attacks.