Just like many others, the company is baffled by the hackers' logic

Jun 4, 2012 07:43 GMT

After UGNazi hackers took credit for breaching the systems of MyBB, the popular forum software, the company’s representatives came forward to clarify the incident.

According to MyBB’s Product Manager Tim B., the company has regained control of all its systems, and the restoration process is underway.

“There are still a few missing pieces, but at this stage we have a pretty clear understanding of what happened. Contrary to what has been posted elsewhere, we do not believe social engineering was the culprit, although the hackers did try unsuccessfully to gain access to several of our accounts via this method,” he explained.

Apparently, everything began after the hackers gained access to the personal Apple ID account of Chris Boulton, MyBB’s founder and lead product manager. From there, the attackers were able to reset the passwords for the domain and hosting accounts.

“It’s still not clear how they got access to this account, however they also had numerous personal details about Chris, including contact details and knowledge of at least the last four numbers of his primary credit card,” Tim added.

Unfortunately, UGNazi managed to cause some damage, including the remote wipe of Boulton’s iPhone via iCloud, allegedly to prevent him from having 3G access.

While SoftLayer, MyBB’s host, acted quickly to notify the founder when the hackers reset his password, Namecheap, the domain registrar, was not as responsive. It took Namecheap six hours to handle the situation and return the account to its rightful owners.

During this time, the cybercriminals redirected all visitors to their defacement page and even tried to transfer the domain. As a result of this unfortunate situation, MyBB has been transferred to another, hopefully more capable, domain registrar.

On the positive side, the firm's representatives are confident that the hackers haven't been able to access the server or the databases.

“Since then we have been planning the recovery effort, including taking the opportunity to improve our infrastructure. We will be moving to a new server setup, but given our security scare a few months ago we are also auditing the site software we use and only moving what we know is clean to the new server,” the product manager said.

The measures taken by MyBB to reinforce its security include the adoption of two-factor authentication “wherever possible.” Even though the website didn’t have anything to do with the breach, it will also be enhanced from a security standpoint.

When it comes to the reasons for which they have become a target, MyBB is just as baffled as many other people who have been following the “activities” of the UGNazi collective.

“The group identified MyBB as being targeted because one of our users runs an online forum dedicated to hacking. By this same analogy, if someone purchases a car and then uses it to run someone down or damage another’s property, then the manufacturer of the car should be responsible, which is obviously corrupted logic.”