Stolen credentials forum OGUsers has been hacked again, with user data stolen — a case of hackers being hacked.

First reported today by Krebs on Security, the hack is said to have taken place about a week ago with the front page of OGUsers defaced with a message stating that the forum’s user database had been compromised. The hack was confirmed by the forum’s administrator, who claimed that passwords were protected with “password obfuscation technology” that’s extremely difficult to crack, likely referring to encryption.

When OGUsers was hacked in May 2019, those behind the attack published the stolen user data on another forum. But the person behind the new hack has not yet released the database. A person claiming to be the hacker is instead taunting forum members, saying they can have their profile and private messages removed from an impending database leak for a payment of between $50 and $100.

Krebs on Security noted that the previously leaked databases — the site was also hacked in March 2020 — have been useful in tracing who’s behind high-profile incidents involving social media accounts and virtual currency heists that involved SIM swapping. In one case, data previously leaked in part led to the conviction of a 21-year-old Irish hacker earlier this month.

Erich Kron, security awareness advocate at security awareness company KnowBe4 Inc., told SiliconANGLE that this is a lesson that if you want to serve a community related to cybercrime, you can expect to be a target yourself, especially by competing services.

“The tactic they are using is suspiciously like what we see in ransomware attacks where data is exfiltrated,” Kron said. “It’s not the first time we have seen cybercriminals shake down the customers of an organization to prevent their data from being made public, but this is a fairly unique venue for this sort of tactic.”

Paul Bischoff, privacy advocate at tech research firm Comparitech Ltd., suggested that the hack of OGUsers is probably good news for social media users.

“The hack diminishes forum members’ trust and will likely result in some users leaving OGUsers,” Bischoff explained. “If I was using a forum that got hacked three times, I certainly wouldn’t stick around.”

Image: OGUsers