Sunday, November 12, 2017
Home / Security / Breaches / UGNazis Hack 4chan, CloudFlare and Mybb

UGNazis Hack 4chan, CloudFlare and Mybb

UGNazis, a hacktivist group recently have gotten access to a CloudFlare employees Gmail.  A statement from Cloudflare below:

“The attack was the result a compromise of Google’s account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps,”

Matthew Prince , the co-founder and CEO of the company said in the statement.

“The password used on my personal Gmail account was 20+ characters long, highly random, and not used by me on any other services so it’s unlikely it was dictionary attacked or guessed,”

he added. Surprisingly, all CloudFlare’s accounts use two-factor authentication on Google. ” We are still working with Google to understand how the hacker was able to reset the password without providing a valid two-factor authentication token.” Until now, it is still unknown how they managed to get access to the accounts.

Video of the hacking of 4Chan:

After this occured, the UGNazis put out a statement on pastebin:

4chan.org is the playground that allows pedophiles to share their “collections” and the disgusting bronies to hang out. The site is loosely monitored and child porn threads are allowed to “stay alive” for an exceedingly long amount of time.

Lastly, there was no political motive here, we will not tell lies and pretend that it was all to fight an injustice. This was for the lulz. This was for the fame. This was done because only we have the skill to do it. This was done, so that we can laugh at your butthurt. We did it because we can.

On May 31st Mybb admits to being breached in the statement below:

Dear MyBB users,

Last night our domain name and hosting accounts were compromised by hackers.

Users of MyBB should not be concerned about their own installations. There is nothing to indicate the MyBB software itself contributed to the hacking in any way.

We hope to restore access to all services in the next 12 – 24 hours. At this stage we don’t believe our database was compromised, however we recommend users stay vigilant to unauthorized access of their accounts.

Download MyBB 1.6.8 (latest release)

We recommend you stay informed by following MyBB on facebook and twitter.
Regards, The MyBB Group.

and later the UGNazis claimed the hack.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …

  • Elmer FUD

    I think i know how the gmail accounts had there passwords reset…there’s a member of a private underground hacking forum that was selling a vulnerably in gmail that allowed attackers to reset the targets password…i don’t know much about it there guy was pretty vague but i do know that some members bought it while he was selling it, and they said it “works like a charm” and i know for a fact that members of UGNazi are active on this forum.

    • Could you e-mail me the url to the forum?

  • ElmerFUD

    Sorry it took a while to see the message you posted fastflux, its a private forum that requires people to vouch for you to join and they only let skilled and trust worthy people join, but i will post a link if it makes you happy.

    Link:https://anti-intruders.org/forum/AI/intruder/index.php

    • No problem, and thanks, seems as though it’s down. Depending on who i know with my other aliases i would like to see if i can get in.

  • You really make it appear so easy along with your presentation however I to find this matter to be really one thing that I believe I’d never understand. It seems too complicated and very wide for me. I am having a look ahead in your subsequent publish, I’ll try to get the cling of it!