Attackers have gained access to private information of NZBGeek users. The site has informed account holders of this in an email and on Discord. Credit card details and encrypted passwords, among other things, have been stolen.
Screenshot from Discord server NZBGeek
The homepage of the usenet service does not mention the data breach, but NZBGeek confirms the data breach in an email to users and on Discord. In addition, the site specifically warns users who have recently used a credit card to pay for the site’s services. “Then we advise you to change your credentials and your card info as soon as possible. We don’t know exactly what the damage is yet, but we are working to find out and provide the information as soon as possible.” Users could see suspicious transactions from Green Goat Gaming, the payment service that NZBGeek uses and a name that the attackers seem to have spoofed.
In addition to credit card information, usernames, encrypted passwords and email addresses have also been stolen. PayPal info is not compromised unless users have used the same username / password combination for NZBGeek as they used for PayPal. “The hackers put a keylogger on the site. They got hold of a copy of our database. During this time we got an indexer fail on our hard drive.” All functionality of the site except the API is offline. The company has had an external investigation into the data breach.