OG Users is a forum for people who steal login credentials for online services, mostly to sell desirable login-names for popular services like Instagram; it attained notoriety when Motherboard's Lorenzo Franceschi-Bicchierai linked the forum to an epidemic of SIM-swapping attacks; a few months later, the Reply All podcast devoted an episode to the forum.
Now, someone has hacked OG Users, and dumped "email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users," which can now be had via the rival hacking community Raidforums.
If you're worried about being attacked by the likes of OG Users, taking a set of small, easy-to-follow steps will provide an enormous amount of protection, with some measures providing effectively 100% protection.
The publication of the OGuser database has caused much consternation and drama for many in the community, which has become infamous for attracting people involved in hijacking phone numbers as a method of taking over the victim’s social media, email and financial accounts, and then reselling that access for hundreds or thousands of dollars to others on the forum.
Several threads on OGusers quickly were filled with responses from anxious users concerned about being exposed by the breach. Some complained they were already receiving phishing emails targeting their OGusers accounts and email addresses.
Meanwhile, the official Discord chat channel for OGusers has been flooded with complaints and expressions of disbelief at the hack. Members vented their anger at the main forum administrator, who uses the nickname “Ace,” claiming he altered the forum functionality after the hack to prevent users from removing their accounts. One user on the Discord chat summed it up:
Account Hijacking Forum OGusers Hacked [Brian Krebs/Krebs on Security]