Posted on December 30, 2020 at 12:07 PM
Hackers Steal Credit Card Details From Usenet Site NBZgeek
A recent report reveals that major Usenet indexer NZBGeek was hacked with credit card details of users on the site stolen.
The hackers also succeeded in installing a keylogger, which opened the door to further abuse. As a result of the hack, the NZBGeek has asked users to secure their credit cards and their online accounts used on the site recently.
Even with the growing popularity of private streaming sites, the traditional file-sharing tools are still gaining an audience, although not as large as it used to be.
This is the case with sites like Usenet and BitTorrent. For Usenet, there are very few players in this category that are larger than NZBGeek. It has a solid reputation for providing indexing services that enable users to find the content they seek.
Users can sign up on the NZBGeek platform without any fees. However, there is another feature that allows people to donate involuntarily, which comes with additional benefits for those that donate. The additional feature gives users more browsing and searching options for over 500,000 NZBs the site has indexed.
After the hack of the site, those who have donated funds by submitting their credit card info are now at risk of future attacks, including impersonation attempts.
The infiltration of the NZBGeek portal was announced on December 27. According to the announcement, the hackers succeeded in stealing credit card numbers, email addresses, encrypted passwords, and usernames.
The site’s operators said the hackers placed a keylogger on the site on November 20. That means users who have logged in to the site after that period may have been affected. NZBGeek handlers warned users who have used the site recently to be more careful because the hackers may have stolen their details.
Hacker used SQL exploit
One of the site’s operators said the site doesn’t store any credit card details as part of its privacy policy. However, the hackers used SQL exploit to install a Javascript-based keylogger. When the user enters their details on the site, the keylogger quickly intercepts the details.
Generally, the site functions without issues, as users have not had reasons to complain. However, the normal service was disrupted last week. The site was initially unreachable before it came back online. A few hours later, the site’s handlers wrote on the message board that the site was having hosting-related issues.
But it appears that the issue is even more serious than what the handlers confirmed.
“It’s with a heavy heart that we must admit that we have had a breach,” one of the site’s handlers finally admitted.
The handler also told users who have recently used their details on the site to change their credit card info and credentials as soon as possible. Users have also been advised to change account details on other sites if they are the same as the details used on NZBgeek.
However, for those who used PayPal payment options instead of credit cards, their details should be safe if they are using a complex password.
NZBgeek taking steps to deal with the situation
NZBgeek said an investigation is already ongoing, adding that all other systems are currently offline apart from the API. It also assured the NZBgeek community that it will share more information when there is a new development about the hack.
However, users of the platform have shown serious concern about the situation. Some are concerned that their IP addressed and other details have been exposed, along with their download history. NZBgeek has assured users who are affected that it’s taking massive steps to deal with the situation.
Usenet was launched in 1980 as an antecedent to internet forums. 40 years later, it’s still surprising that some are still loyal to this type of setup. Usenet was very popular through the mid-2000s, but the popularity has waned since forums and blogs came on onboard.
The platform has been more active now basically for sharing pirated content, and it is sometimes seen as the ideal alternative to pirated content.
On the other hand, NZBGeek was launched as a paid service in 2012. The service links up users to Usenet threads, such as pirated content. The service is regarded as one of the best when it comes to Usenet indexing services.