In this case, a forum wasn’t a place to swap hacker tools and stolen data, but a target of cyberattackers.
Maza, a Russian cybercriminal forum formerly known as Mazafaka that has been operating since at least 2003, has reportedly suffered an attack resulting in a data breach and leak of user information.
Researchers at Flashpoint, a cybersecurity firm, reported a breach on Maza yesterday, on March 4.
Maza is a restricted forum popular with Russian-speaking threat actors. Its community members are involved in illicit activities such as carding and discuss topics like malware, exploits, spam, money laundering, etc. Flashpoint calls it “a community of some of the most sophisticated cybercriminals and financial fraudsters in the criminal underground.”
The attackers who took the forum over posted a warning message saying “Your data has been leaked / This forum has been hacked.”
Flashpoint threat researchers successfully obtained the purported leaked data. According to them, stolen information may include user IDs, usernames, email addresses, passwords (hashed and obfuscated), messenger app links, and more.
Flashpoint told ZDNet that some 2,000 accounts had been exposed in the dump. While the compromised data is extensive, the passwords have been hashed and most other data fields have been hashed or obfuscated.
During discussions concerning the breach, some users claim the leaked database is old, while others say it’s “incomplete.”
It is unknown at this time who hijacked the forum. It is known, though, that Maza had previously been hacked in 2011, and data belonging to over 2,000 users was leaked. Users speculated at the time that the attack was carried out by a rival group, DirectConnection. Shortly after, DirectConnection was attacked in turn. Users naturally speculated that the rival forum Maza was behind the attack.
The Maza breach follows recent attacks (both attempted and successful) on other Russian cybercrime forums, including the takeover of the Russian-language forum Verified. The forum Verified was taken over without any warning or message from the attackers.