A notable underground online criminal forum called Mazafaka was compromised by unknown attackers.
The intrusion occurred on March 3, and the information about the forum members — including usernames, email addresses, and hashed passwords were publicly disclosed on a breach notification page put up by the attackers. The notification states that “Your data has been leaked” and “This forum has been hacked.”
Cybersecurity firm Intel 471 said that the announcement was accompanied by a PDF file allegedly containing a portion of forum user data. The file included more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details.
Mazafaka also called as Maza is an elite, invite-only Russian-language cybercrime forum which began its operation since 2003. It acts as an exclusive online space for exploit actors to trade ransomware-as-a-service tools and conduct other forms of illicit cyber operations.
It is the fourth forum to have been breached this year. The forum got hacked after successful breaches of other forums, including Verified, Crdclub, and Exploit.
Verified was breached on January 20, 2021, when the attacker claimed to have accessed the entire database on another popular forum called Raid Forums. The attacker also transferred $150,000 worth of cryptocurrency from Verified’s bitcoin wallet to their own.
A cybercrime forum called Crdclub disclosed an attack in February in which an administrator account was compromised. However, no personal information appears to have been stolen.
Lastly, this week, the Exploit cybercrime forum also suffered an attack in which a proxy server was compromised.
According to Flashpoint researchers, the Russian sentences on the Maza forum’s notification page were likely translated using an online translator. But it is not clear, if it involves a non-Russian speaking actor or if it was deliberately used to mislead attribution.