Social Engineered, a social engineering forum dedicated to ‘The Art of Human Hacking’, was recently hacked, ironically through social engineering, and the data was leaked on a rival forum. The leak affects 55,121 users and includes their usernames, passwords stored as salted MD5 hashes, email addresses, IP addresses and private messages.
The founder of Social Engineered, who goes by the username ‘Snow101’, confirmed the security breach and blamed the entire incident on a MyBB vulnerability:
Mybb had a vulnerability yet again and the site got breached along other websites using Mybb. We moved over to xenforo i suggest changing your passwords immideately [sic].
MyBB is free, open-source software used to create and run forums.
The leaked database was soon uploaded to HaveIBeenPwned, and it was later reported that the leak contained 89,000 unique emails out of those 55,000 users.
Snow101 also mentioned that the forum is migrating from an open-source platform to XenForo, a commercial forum platform, to avoid further risks.
According to Bleeping Computer, the person who leaked the data has ‘uploaded the full database and the root directory’ of the forum, which means that the leak also included the website’s source code and its data.