OGUsers
{{Short description|Internet forum}}
{{Use dmy dates|date=February 2023}}
{{Infobox website
| name = OGUsers
| logo = File:Oguserslogo.png
| logo_size = 125px
| logo_caption = OGUsers logo
| type = Internet forum
| language = English
| advertising = Yes
| commercial = Yes
| registration = Optional (required to participate)
}}
OGUsers (OGU){{Cite web |date=2020-04-06 |title=Hackers' forum hacked, OGUsers database dumped (again) |url=https://nakedsecurity.sophos.com/2020/04/06/hackers-forum-hacked-ogusers-database-dumped-again/ |access-date=2023-03-10 |website=Naked Security |language=en-US|archiveurl=https://web.archive.org/web/20220809074159/https://nakedsecurity.sophos.com/2020/04/06/hackers-forum-hacked-ogusers-database-dumped-again/|archivedate=August 9, 2022}} is an Internet forum that facilitated the discussion and buying of social media accounts and online usernames.{{Cite web |last1=Pastrana |first1=Sergio |last2=Hutchings |first2=Alice |last3=Thomas |first3=Daniel |last4=Tapiador |first4=Juan |date=21 October 2019 |title=Measuring eWhoring |url=https://www.cl.cam.ac.uk/~sp849/files/IMC_2019_measuring-ewhoring.pdf |url-status=live |access-date=2023-02-24 |website=University of Cambridge |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225051520/https://www.cl.cam.ac.uk/~sp849/files/IMC_2019_measuring-ewhoring.pdf}}{{Cite magazine |last=Newman |first=Lily Hay |title=A Coordinated Takedown Targets 'OGUser' Account Thieves |language=en-US |magazine=Wired |url=https://www.wired.com/story/oguser-instagram-twitter-tiktok-takedown/ |access-date=2023-02-25 |issn=1059-1028 |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225045240/https://www.wired.com/story/oguser-instagram-twitter-tiktok-takedown/ |url-status=live}} Established in 2017, the website is dedicated to the buying and selling of "rare" or "OG" online accounts that are considered valuable due to their name or age.{{Cite web |last=Serapiglia |first=Anthony |date=2019 |title=Cybersecurity and Cryptocurrencies: Introducing ecosystem vulnerabilities through current events |url=https://proc.iscap.info/2019/cases/5110.pdf |url-status=live |access-date=2023-02-24 |website=Interagency Security Classification Appeals Panel |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225053217/https://proc.iscap.info/2019/cases/5110.pdf}} The website acts as a platform for cybercrime and the harassment of individuals for access to their online accounts.{{Cite web |date=29 April 2021 |title=OGUsers hacker forum hacked for 4th time; database leaked |url=https://www.hackread.com/ogusers-hacker-forum-hacked-database-leaked/ |access-date=2023-02-25 |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225052457/https://www.hackread.com/ogusers-hacker-forum-hacked-database-leaked/ |url-status=live}}{{Cite web |title=The Hackers Who Can Hijack Your SIM Card Using Only Your Phone Number |url=https://www.vice.com/en/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin |access-date=2023-02-25 |website=www.vice.com |language=en |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225052628/https://www.vice.com/en/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin |url-status=live}}{{Cite web |title=Harassing texts. Unwanted deliveries. Fake bomb threats that bring police to the door. Inside the tactics cybercriminals use to get social media users to surrender their accounts |url=https://www.cbsnews.com/news/cybercriminals-social-media-accounts-harass-extort/ |access-date=2023-02-25 |website=www.cbsnews.com |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225045432/https://www.cbsnews.com/news/cybercriminals-social-media-accounts-harass-extort/ |url-status=live}}{{Cite news |last=Lorenz |first=Taylor |date=4 February 2021 |title=Instagram Bans Hundreds of Accounts With Stolen User Names |language=en-US |work=The New York Times |url=https://www.nytimes.com/2021/02/04/style/instagram-account-fraud-ban.html |access-date=2023-02-25 |issn=0362-4331 |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225045430/https://www.nytimes.com/2021/02/04/style/instagram-account-fraud-ban.html |url-status=live}} Several high-profile incidents have been linked to the forum, most notably the 2020 Twitter account hijacking.{{Cite web |last=Ghosh |first=Isobel Asher Hamilton, Shona |title=A hacker forum obsessed with super-short 'OG' handles was selling Twitter account access for $3,000 days before the giant hack |url=https://www.businessinsider.com/og-twitter-hacker-forum-selling-accounts-ahead-of-giant-hack-2020-7 |access-date=2023-02-25 |website=Business Insider |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225052805/https://www.businessinsider.com/og-twitter-hacker-forum-selling-accounts-ahead-of-giant-hack-2020-7 |url-status=live}}
Incidents
The site has been linked to various SIM swap scams, where discussion took place on identity theft methods to change login information for online accounts.{{Cite magazine |last=Morris |first=Alex |date=8 July 2022 |title=How 'Baby Al Capone' Pulled Off a $24 Million Crypto Heist |url=https://www.rollingstone.com/culture/culture-features/crypto-heist-teenage-hacker-ellis-pinsky-1367400/ |access-date=2023-02-25 |magazine=Rolling Stone |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225053939/https://www.rollingstone.com/culture/culture-features/crypto-heist-teenage-hacker-ellis-pinsky-1367400/ |url-status=live}}{{Cite web |last=Hicks |first=Jasmine |date=20 October 2021 |title=Two SIM swappers phished a phone company so they could steal $16K in crypto |url=https://www.theverge.com/2021/10/20/22736474/sim-swapping-crypto-currency-wireless-thief-guilty |access-date=2023-02-25 |website=The Verge |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225054247/https://www.theverge.com/2021/10/20/22736474/sim-swapping-crypto-currency-wireless-thief-guilty |url-status=live}}
Graham Ivan Clark, regarded as the "mastermind" behind the 2020 Twitter account hijacking, was a former member of the forum.{{Cite web |last=Goodin |first=Dan |date=17 March 2021 |title=I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence |url=https://arstechnica.com/tech-policy/2021/03/i-was-a-teenage-twitter-hacker-graham-ivan-clark-gets-3-year-sentence/ |access-date=2023-02-25 |website=Ars Technica |language=en-us |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225055917/https://arstechnica.com/tech-policy/2021/03/i-was-a-teenage-twitter-hacker-graham-ivan-clark-gets-3-year-sentence/ |url-status=live}} Two participants, Mason Sheppard and Nima Fazeli, acted as brokers in selling of Twitter handles on the website.{{Cite web |title=How the FBI tracked down the Twitter hackers |url=https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/ |access-date=2023-02-25 |website=ZDNET |language=en |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225060123/https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/ |url-status=live}}
In 2020, a man from Tennessee died from a heart attack during a swatting. An individual in the United Kingdom was attempting to coerce the man for an online username by utilizing tactics of the site, with him later being sentenced to five years in prison.{{Cite web |last=Price |first=Rob |title='I want your Instagram account': First came the threatening texts, followed by the SWAT teams. Then someone wound up dead. |url=https://www.businessinsider.com/handles-instagram-twitter-social-media-deadly-harassment-campaign-2022-7 |access-date=2023-03-02 |website=Business Insider |language=en-US |archive-date=2 March 2023 |archive-url=https://web.archive.org/web/20230302094131/https://www.businessinsider.com/handles-instagram-twitter-social-media-deadly-harassment-campaign-2022-7 |url-status=live}}{{Cite news |last=Cramer |first=Maria |date=2021-07-24 |title=A Grandfather Died in 'Swatting' Over His Twitter Handle, Officials Say |language=en-US |work=The New York Times |url=https://www.nytimes.com/2021/07/24/us/mark-herring-swatting-tennessee.html |access-date=2023-03-02 |issn=0362-4331 |archive-date=2 March 2023 |archive-url=https://web.archive.org/web/20230302094121/https://www.nytimes.com/2021/07/24/us/mark-herring-swatting-tennessee.html |url-status=live}}
=Security breaches=
The website was hacked in May 2019, with the administrator of RaidForums uploading the database of the website for anyone to access.{{Cite web |title=Account Hijacking Forum OGusers Hacked – Krebs on Security |url=https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/ |access-date=2023-02-25 |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225062411/https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/ |url-status=live}} In December 2020, the website was hacked again with user data being stolen.{{Cite web |date=2 December 2020 |title=Stolen credentials forum OGUsers hacked again with user data stolen |url=https://siliconangle.com/2020/12/02/stolen-credentials-forum-ogusers-hacked-user-data-stolen/ |access-date=2023-02-25 |website=SiliconANGLE |language=en-US |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225062638/https://siliconangle.com/2020/12/02/stolen-credentials-forum-ogusers-hacked-user-data-stolen/ |url-status=live}}
Reception
Brian Krebs, an American journalist and investigative reporter known for the coverage of cybercriminals, has described the forum as a place "overrun with shady characters who are there mainly to rip off other members."{{Cite web |date=4 February 2021 |title=Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts – Krebs on Security |url=https://krebsonsecurity.com/2021/02/facebook-instagram-tiktok-and-twitter-target-resellers-of-hacked-accounts/ |url-status=live |access-date=2023-02-24 |website=KrebsonSecurity |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225061431/https://krebsonsecurity.com/2021/02/facebook-instagram-tiktok-and-twitter-target-resellers-of-hacked-accounts/}} In his report, he described how Facebook, Instagram, TikTok, and Twitter have taken steps to crack down on users of the forum involved in the trafficking of hijacked accounts.{{Cite web |title=Facebook, Instagram, TikTok and Twitter crack down on 'OGUsers' theft ring |url=https://www.cnet.com/news/privacy/facebook-instagram-tiktok-and-twitter-crack-down-on-ogusers-theft-ring/ |access-date=2023-02-25 |website=CNET |language=en |archive-date=25 February 2023 |archive-url=https://web.archive.org/web/20230225061453/https://www.cnet.com/news/privacy/facebook-instagram-tiktok-and-twitter-crack-down-on-ogusers-theft-ring/ |url-status=live}} Facebook told Krebs that the forum uses various tactics, such as harassment, intimidation, hacking, coercion, extortion, sextortion, SIM swapping, and swatting.