Maza Russian cybercriminal forum suffers data breach

Forums can be areas to swap illicit tools and data, but they can also be the targets of cyberattackers in their turn.
Written by Charlie Osborne, Contributing Writer

The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. 

On March 3, Flashpoint researchers detected the breach on Maza -- once known as Mazafaka -- which has been online since at least 2003. 

Maza is a closed and heavily restricted forum for Russian-speaking threat actors. The community has been connected to carding -- the trafficking of stolen financial data and payment card information -- and the discussion of topics including malware, exploits, spam, money laundering, and more. 

Once the forum was compromised, the attackers who took the forum over posted a warning message claiming "Your data has been leaked / This forum has been hacked."


The leaked data included user IDs, usernames, email addresses, messenger app links (including Skype, MSN, and Aim), and passwords, both hashed and obfuscated. 

Flashpoint told ZDNet roughly 2,000 accounts were exposed.

During discussions concerning the breach, some users say they are intending to find another forum, whereas others claim the database leaked is old or "incomplete," according to the researchers.

Flashpoint does not know at this time who hijacked the forum, beyond the likelihood that an online translator may have been used to post the warning message -- implying the author may not have been a Russian speaker, unless the mistakes were deliberate in an effort at misdirection. 

Maza was previously hacked in 2011. Reports suggested at the time that the forum was compromised by a rival group, DirectConnection, and data belonging to over 2,000 users was leaked. Shortly after, DirectConnection was attacked in its turn. 

Aleksei Burkov, who has been tied to the alias 'Kopa,' is thought to have served as an admin for both forums. Burkov was sentenced to nine years behind bars by US authorities in 2020 for operating the CardPlanet carding forum.

In January, Russian forum Verified was taken over without warning. The introduction of new domains, temporary open registration, and the silence of old moderators have raised suspicion among some users as to the intentions of the new owners. 

Users may be justified in such concerns, especially considering law enforcement is now posting 'friendly' warnings on hacking forums to discourage illegal activities. 
