A forum dedicated to the art of social engineering, Social Engineered, has been compromised and its users' data leaked on a rival website.
The data breach occurred on June 13, 2019. The details of the forum users, including 89,000 unique email addresses linked to 55,000 forum account holders, usernames, IP addresses, and passwords stored as salted MD5 hashes were published and leaked online.
In addition, private messages sent by users were also included in the data dump, according to Have I Been Pwned. The information has been added to the data leak search engine.
CNET: US hits Iran with crippling cyberattacks, says a report
In a blog post penned on Thursday by the owner of Social Engineered, nicknamed Snow101, a vulnerability in MyBB is to blame for the leak.
MyBB is open-source, free software for creating and maintaining forums. The vulnerability in question may be a recently-disclosed critical stored XSS bug in MyBB's private messaging and post modules which, if exploited, permits attackers to gain full access to a target account.
TechRepublic: How to view your privacy settings for Microsoft Office 365
If a malicious message containing JavaScript code is sent to an administrator or published on a MyBB forum, th ..
Support the originator by clicking the read the rest link below.
