Hackers vs. hackers: leaked Cracked [.] To forum database

On hacking-dedicated site Raidforums [.] Com was published a dump, containing data from more than 321,000 users of another hacker resource, Cracked [.] To.

In general, according to the information of the leak aggregator HaveIBeenPwned, the dump posted on Raidforums is a database generated by the myBB forum. The database contains 749 161 unique email addresses, as well as IP addresses, usernames, private messages and passwords stored as bcrypt hashes.

Reference: describes itself as a forum that provides “cracking tutorials, tools, combolists, marketplace and many more stuff!” Raidforums, meanwhile, offers forums on the same topics.

ArsTechnica reporters who have already studied the leak, report that the 2.11 GB dump includes more than 379,000 private messages.

Many of these messages feature details that most hackers usually try not to disclose, in addition to usernames, email addresses, and IP addresses.

Having this information, it becomes possible to identify people who wanted to buy, sell or support software or services for hacking.

Read also: C&C server of the new version of Mirai hides in the Tor-network

Journalists point out that on Cracked [.] To very popular topics for discussion were transactions and hacking accounts for the Fortnite game. The site flourished selling already compromised accounts, as well as discussing special hacking software. Also on the site, for example, are advertised services for using CVE-2018-20250, a critical vulnerability in WinRAR found earlier this year.

“With no doubt, private messages being leaked in plaintext is the worst thing about the whole database breach.However as a forum owner you can’t really control what people are dealing with in DMs unless you look them up directly in the database”, — the administrator, who uses the handle floraiN, said.

How the Raidforums administration managed to get the database of another hacker resource is still unclear. The head of Raidforums, known under the pseudonym Omnipotent, succinctly told reporters that the case was not without an exploit, but did not specify.

Meanwhile, back in July 2019, Cracked [.] To operators recognized that backups of forums and databases fell into the hands of not sufficiently reliable people, after which resource administrators decided to switch from a weak default password hashing scheme to a more reliable solution and asked all users change passwords.

Thanks to this case, leaked passwords now are protected by bcrypt, so, cracking them will be expensive and long process.

After Cracked [.] To users’ information was published on Raidforums, the administration of the affected resource promised that this incident would have consequences that would affect both the forum that distributes the stolen backups and the person who leaked it.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *


Back to top button