NZBGeek, a popular Usenet site, has been hacked with user information including credit card details stolen.

It may surprise many that Usenet still exists in 2020. Established in 1980 as a precursor to internet forums, it was still somewhat popular through the mid-2000s for threaded discussions.

Although general use has massively dropped off — Slashdot declared Usenet dead in 2008 — it has still stuck around primarily for the distribution of pirated content. Indeed, it’s sometimes described as the best alternative to BitTorrent downloading.

NZBGeek was established in 2012 as a paid service that allows users to discover Usenet threads including pirated content. It’s regularly rated as being one of the best Usenet indexing services.

The hack of NZBGeek was announced on Dec. 27, with the hack said to include the theft of usernames, encrypted passwords, email addresses and credit card numbers. The hack involved the installation of a keylogger on the NZBGeek website. According to the operators of the site, the keylogger is believed to have been placed on the site on Nov. 20, so all users of the site since that time have potentially had their details stolen.

Speaking to TorrentFreak, an operator of the site who goes by the name Jeeves, said though the site itself does not store credit card details, the hackers used an SQL exploit to install a Javascript-based keylogger. A keylogger intercepts details after users enter them on a site.

The type of keylogger was not identified, but it sounds like a Magecart attack. In a typical Magecart attack, the skimmer is attached to the submit button on the checkout form on a targeted site. Once users click on a submit button, the code intercepts all customer information, then sends it to the hackers.

There is a long list of companies being targeted in Magecart attacks. Magecart first emerged in 2018 with an attack on British Airways Plc., spreading to Newegg Inc., the Infowars Store, Cathay Pacific Airways Ltd., Ticketmaster Entertainment Inc., Macy’s Inc., Sweaty Betty and Oxo International Ltd., among others.

The operators of NZBGeek have recommended that users of the site since Nov. 20 take appropriate action, including reporting the potential theft of their credit card details to their card issuer to protect them from any unlawful charges. Despite user passwords allegedly being encrypted, the operators also recommended that those who use the same username/password combination on any other site should change them along with using two-factor authentication with their accounts.

Image: NZBGeek