Cyber Incident Victim: OGUsers

On April 2, 2020, the OGUsers hacking forum suffered its second major security breach within a year. An attacker exploited a vulnerability in the forum's avatar upload functionality, gaining unauthorized access through a shell and compromising the platform's database containing user records dated that same day. The breach exposed sensitive details of over 200,000 registered users, corresponding to the forum's publicly listed membership count at the time. Forum administrator Ace confirmed the intrusion in a public statement shortly after the incident. Data breach monitoring service Under the Breach first detected the breach announcement before administrators took the forum offline for maintenance. In response, OGUsers administrators reset all user passwords and strongly advised members to enable two-factor authentication (2FA) to prevent account hijacking attempts using the stolen credentials. By April 3, 2020, the stolen user database appeared on a rival hacking forum, mirroring the aftermath of the forum's previous breach.

This incident represented a recurrence of security failures for OGUsers, which had previously been compromised in May 2019 when attackers stole data for 113,000 users and wiped forum hard drives. The platform had gained notoriety since 2018 as a primary marketplace for trading hijacked Instagram accounts and coordinating SIM-swapping attacks, making it a frequent target for both law enforcement and rival hackers. While the breach disrupted forum operations and exposed members' data, the leakage of such information historically aided law enforcement investigations into cybercriminal activities associated with the platform. The repeated breaches underscored persistent vulnerabilities in the forum's infrastructure despite its operators' familiarity with account takeover techniques, as the 2020 attack vector through avatar upload functionality demonstrated continued weaknesses in basic security practices.