The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums.

Maza, aka Mazafuka, is one of the oldest cybercrime forums, and aspiring members must be voted in by the rest of the community before they are granted access.

"Maza is considered to be one of the oldest and elite crime communities with one of the highest barriers of entry for hackers since the days of DirectConnection forum (home of the Dridex operators)," cybersecurity intelligence firm Advanced Intel's Vitali Kremez told BleepingComputer.

Last night, BleepingComputer was contacted by a newly registered Twitter user who stated that the Maza forum was hacked and member data was leaked.

"Maza forum hacked and credentials leaked! Verified, Dread, club2crd and now maza, are the darkweb forums safe anymore?," the Twitter user stated along with the following screenshot of the leak.

Tor site announcing Maza hack and data leak

The leaked data consists of approximately 2,982 user records and contains members' user IDs, user names, email addresses, redacted passwords, certificate file names, certificate passwords, and members' contact information on icq, aim, yahoo, msn, and skype.

Leaked Maza account info
Redacted by BleepingComputer

Unlike most forums, Maza requires its members to generate a certificate and a corresponding password, which are used along with a username and password to log into the forum. This additional requirement strengthens authentication, as only those who have the proper certificate can log in.

Maza members' certificate passwords were also exposed in this leak but not the certificates themselves.

While not all fields contained contact info, some of the accounts listed ICQ accounts, which are commonly used to communicate with other threat actors, making this valuable information for law enforcement.

Russian-speaking hacker forums under attack

Maza is not the only Russian-speaking hacker forum targeted in recent attacks.

The person who shared the Maza leak with BleepingComputer last night also shared screenshots of posts made to Verified, Dread, and Club2Crd about recent attacks on their forums.

According to FlashPoint, the 'Verified' cybercrime community was forcefully taken over on February 15th by unknown operators who claimed to have exploited a vulnerability to take control of the site.

The screenshot shared with BleepingComputer is for a post where the new operator explains how they took over the forums and their plans for the site.

Post explaining takeover of Verified forum

A day later, 'mak,' a staff member of the 'Club2Crd' carding and cybercrime forum, announced that his Club2Crd account had been hacked to perform scams on the site and steal money from other members.

"Additionally, one of the oldest super-moderators of the mid-tier forum Club2Crd “mak” experienced a complete account takeover resulting in the appearance of the multiple new scam services and decreasing trust in cybercrime communities," Kremez explained to BleepingComputer.

Finally, the Reddit-like 'Dread' dark web site experienced attacks around the same time in February, which led it to institute new protective measures to prevent future cyberattacks.

Post to the Dread forum

It is unknown if the person who contacted BleepingComputer is the one who attacked these forums or is simply a member of all of them.

However, these attacks illustrate that no one is safe from cyberattacks, including the hackers themselves.
