Maza Russian cybercriminal forum suffers data breach | ZDNet
MUST READ: Microsoft Exchange Server hacks ‘doubling’ every two hours
Maza Russian cybercriminal forum suffers data breach
Forums can be areas to swap illicit tools and data, but they can also be the targets of cyberattackers in their turn.
Charlie Osborne
By Charlie Osborne for Zero Day | March 4, 2021 -- 10:36 GMT (10:36 GMT) | Topic: Security
The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information.
On March 3, Flashpoint researchers detected the breach on Maza -- once known as Mazafaka -- which has been online since at least 2003.
Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding -- the trafficking of stolen financial data and payment card information -- and the discussion of topics including malware, exploits, spam, money laundering, and more.
Once the forum was compromised, the attackers who took the forum over posted a warning message claiming "Your data has been leaked / This forum has been hacked."
screenshot-2021-03-04-at-09-59-34.png
Flashpoint
Information including user IDs, usernames, email addresses, messenger app links -- including Skype, MSN, and Aim -- and passwords, both hashed and obfuscated -- were included in the data leak.
Flashpoint told ZDNet roughly 2,000 accounts were exposed.
During discussions concerning the breach, some users say they are intending to find another forum, whereas others claim the database leaked is old or "incomplete," according to the researchers.
This is how employers can build meaningful health and wellbeing initiatives in 2021
Employee health and wellbeing is important for any business owner that wants to create a successful organisation.
Sponsored by AXA Health
Flashpoint does not know at this time who hijacked the forum, beyond the likelihood that an online translator may have been used to post the warning message -- implying it may not have been a Russian-speaker unless mistakes were deliberate in an effort at misdirection.
Maza was previously hacked in 2011. Reports suggested at the time that the forum was compromised by a rival group, DirectConnection, and data belonging to over 2,000 users was leaked. Shortly after, DirectConnection was attacked in its turn.
SECURITY
Cyber security 101: Protect your privacy from hackers, spies, and the government
Cyber security 101: Protect your privacy from hackers, spies, and the government
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
Read More
Aleksei Burkov, who has been tied to the alias 'Kopa,' is thought to have served as an admin for both forums. Burkov was sentenced to nine years behind bars by US authorities in 2020 for operating the CardPlanet carding forum.
In January, Russian forum Verified was taken over without warning. The introduction of new domains, temporary open registration, and the silence of old moderators has raised suspicion among some users as to the intentions of the new owners.
Users may be justified in such concerns, especially considering law enforcement is now posting 'friendly' warnings on hacking forums to discourage illegal activities
Maza Russian cybercriminal forum suffers data breach
Forums can be areas to swap illicit tools and data, but they can also be the targets of cyberattackers in their turn.
Charlie Osborne
By Charlie Osborne for Zero Day | March 4, 2021 -- 10:36 GMT (10:36 GMT) | Topic: Security
The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information.
On March 3, Flashpoint researchers detected the breach on Maza -- once known as Mazafaka -- which has been online since at least 2003.
Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding -- the trafficking of stolen financial data and payment card information -- and the discussion of topics including malware, exploits, spam, money laundering, and more.
Once the forum was compromised, the attackers who took the forum over posted a warning message claiming "Your data has been leaked / This forum has been hacked."
screenshot-2021-03-04-at-09-59-34.png
Flashpoint
Information including user IDs, usernames, email addresses, messenger app links -- including Skype, MSN, and Aim -- and passwords, both hashed and obfuscated -- were included in the data leak.
Flashpoint told ZDNet roughly 2,000 accounts were exposed.
During discussions concerning the breach, some users say they are intending to find another forum, whereas others claim the database leaked is old or "incomplete," according to the researchers.
This is how employers can build meaningful health and wellbeing initiatives in 2021
Employee health and wellbeing is important for any business owner that wants to create a successful organisation.
Sponsored by AXA Health
Flashpoint does not know at this time who hijacked the forum, beyond the likelihood that an online translator may have been used to post the warning message -- implying it may not have been a Russian-speaker unless mistakes were deliberate in an effort at misdirection.
Maza was previously hacked in 2011. Reports suggested at the time that the forum was compromised by a rival group, DirectConnection, and data belonging to over 2,000 users was leaked. Shortly after, DirectConnection was attacked in its turn.
SECURITY
Cyber security 101: Protect your privacy from hackers, spies, and the government
Cyber security 101: Protect your privacy from hackers, spies, and the government
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
Read More
Aleksei Burkov, who has been tied to the alias 'Kopa,' is thought to have served as an admin for both forums. Burkov was sentenced to nine years behind bars by US authorities in 2020 for operating the CardPlanet carding forum.
In January, Russian forum Verified was taken over without warning. The introduction of new domains, temporary open registration, and the silence of old moderators has raised suspicion among some users as to the intentions of the new owners.
Users may be justified in such concerns, especially considering law enforcement is now posting 'friendly' warnings on hacking forums to discourage illegal activities
