Over the past few weeks, DataBreaches had occasionally checked a dark web leak site by an individual or group called “Mogilevich.” However, DataBreaches didn’t report on any of their claimed victims because the site and the claims seemed sketchy and there was no confirmation.
DataBreaches will not name and shame those sites or outlets that did report on the alleged hacks, but many sites and news outlets have responsibly headlined that Mogilevich’s claims were all a hoax. Hoaxes have consequences. Firms who are falsely accused of having been hacked may experience harm to their reputation. They may incur expenses to investigate the (false) claims and have to pay for public relations or legal services. A recent situation with State Farm comes to mind. Threat actors claimed to have hacked them and exfiltrated all customer data. They hadn’t acquired the customer data they had claimed, but that didn’t stop some eager-beaver lawyers and customer(s) from rushing to file suit over the alleged data breach. State Farm had to deal with bad press and litigation over a breach that never happened.
In a farewell post, Mogilevich claimed to have made money from what they describe as professionally executed fraud, but their claims about making money might also be a total hoax:
During Mogilevich’s brief existence, DataBreaches reached out to Mogilevich on Telegram to learn more about the individual or group. At the time, the individual claimed he knew “Kmeta,” but when DataBreaches contacted Kmeta, he said he never heard of Mogilevich. Confronted with that denial, Mogilevich claimed that Kmeta knew him under his previous name. But he didn’t provide it, and that’s where that interaction had ended.
Yesterday, a user named “Pongo” contacted DataBreaches on Telegram to ask DataBreaches to tell an administrator on BreachForums that Pongo was not Kmeta. That seemed to backfire for him because when DataBreaches contacted an administrator to inform them of the unexpected request, the administrator immediately said Pongo’s request proved that Pongo was Kmeta. But while the forum administrator is convinced that Pongo and Kmeta are the same, when asked directly, Kmeta denied being Pongo. But, of course, that’s what you’d expect a liar and a fraudster to say, right?
Kmeta suggested that Pongo was a clown who had never made any money or scammed anybody and was seeking attention. “There is zero proof he scammed anyone,” Kmeta told DataBreaches, adding that all journalists and researchers who reported on Mogilevich/Pongo have just helped him make himself famous.
So is Pongo really Kmeta, or is Kmeta telling the truth, and Pongo is just a Kmeta-wannabe?
DataBreaches isn’t sure, but it is sure that this site will likely not knowingly report on Pongo again unless it’s his arrest.