The underground marketplace and hacker forum RaidForums recently exposed internal pages from its website that were meant for staff members only.
RaidForums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps.
Oops! RaidForums makes its staff area public
RaidForums is an underground place where private databases obtained from data breaches, vulnerability exploits, and sets of credit card information are illegally traded by threat actors, or sometimes leaked for free.
On RaidForums, the “Staff General” section is typically restricted to internal staff members only, but in an ironic twist of fate, this private section was accidentally left open for viewing by anyone.
As seen by BleepingComputer, some of the private pages, as recent as September 20th, were indexed by Google.
The indexed post, shown below, contains “advice for account [security]” geared towards communicating security best practices to forum admins and moderators. The note contains tips on using password managers, enabling two-factor authentication for an account, and using VPNs.
“Create a false personality, use it when signing up to services that ask for this information, or even just use the information of celebrities or random people,” suggests the note posted by a RaidForums admin.
Other topics seen in the private area have included discussions on bans, the preferred place for hosting staff chat, and miscellaneous requests.
BleepingComputer observed a timestamp at the bottom of the page stating the current time to be “September 20, 2021, 05:17 AM,” indicating the page was left exposed up until this week.
At the time of our tests today, though, the “Staff General” section is once again restricted to authorized personnel.