Hacking forum spills rival’s 321,000 member database
When users of hacking forums turn on each other, expect things to get messy quickly.
The latest site to find itself on the receiving end of this phenomenon is Cracked.to, which last Friday reportedly found its database of 321,000 members and 749,161 unique email addresses leaked on rival site RaidForums.
We can say that with confidence because by Monday the compromised accounts had become another statistic on the Have I Been Pwned (HIBP) breach database, the industry’s go-to for news of such incidents.
That dated the breach to 21 July, with the stolen data also including things anyone frequenting a forum of this type would rather not be out in the open, such as “IP addresses, passwords, private messages, usernames.”
As Ars Technica points out, this isn’t likely to be as serious a data breach as it would be for a more mainstream website.
IP addresses will likely be anonymised using Tor, with account email addresses that probably won’t identify the users behind them; this is a cagey hacking forum, after all.
As for password security, according to the site’s breach warning, it appears that months before the breach an admin at Cracked.to realised the danger of using weak hashing:
“We have changed the hashing algorithm of passwords from myBB default (MD5) to something more advanced a few months ago, which makes it almost impossible to decrypt your passwords.”