HackForums, a popular internet message board dedicated to information security and hacking, is investigating a "possible account security compromise". Postings on the website, alongside screenshots circulating on social media, are now informing users about a possible breach.
The message states in full: "We are currently investigating a possible account security compromise at HackForums. In order to ensure your account is indeed secure we ask that you change your password and enable 2FA [two-factor authentication]. You can verify the validity of this email on HackForums which we will confirm and provide additional details. We apologise for any inconvenience. This email has been sent to all upgraded members of our community."
IBTimes UK was first alerted to the problem by security researcher Troy Hunt, who posted the screenshot online. Meanwhile, on HackForums, an administrator under the pseudonym "Omniscient" has now alerted members to the incident.
In a detailed post, the admin wrote: "While conducting my normal day of checking for stolen accounts I came across a dozen or so Ub3r accounts stolen in the last few days. Upon further inspection and looking for more accounts stolen or sold related to these accounts I found something rather alarming."
'Ub3r' accounts are a form of premium membership offered on the forum, sold for $25 (£17) and paid for using the popular cryptocurrency bitcoin.
"In my logs I found that nearly 40 accounts had attempts to login and it became obvious these were not sold accounts," Omniscient continued. "Indeed these appear stolen. I conclude that because out of the 40 accounts only the ones without 2FA were actually logged into and stolen. And more than a few members of these stolen accounts closed have contacting me to claim they were not sold and their computers are not infected.
"I can't say when or how but apparently somewhere at some point we had a compromise of account security. All accounts compromised are older than one year ago. Which might be when the compromise occurred, maybe."
However, the investigation is ongoing. "Questions remain," Omniscient added. "When did it happen? How did it happen? Are we still insecure? And unfortunately at the time of this writing I can't say."
The admin continued: "I am still investigating this and messages have been sent to the members involved. With their help I should be able to get some answers [...] I will need all members to change their passwords immediately and enable 2FA if you have an account with access. HF [HackForums] database does not store any private order data like name, address, or phone. We only have the most basic info which is IPs and emails."
It is now highly advised that all users change their passwords and enable multifactor verification on their accounts to fend off any unwanted intrusions.