Nulled.IO forum used to sell credentials and cracks is itself hacked, potentially allowing law enforcement to solve other attacks
A popular hacking forum has itself suffered a major data breach, with identifiable information on 473,700 registered users, private messages and restricted posts compromised.
Researchers at Risk Based Security say the Nulled forum was compromised on 6 May, with 9.45GB of data and 2.2 million posts dumped.
Members used the forums to share, sell and buy leaked content, stolen credentials, nulled software and software cracks, meaning the leak is significant as the information could be used to identify perpetrators of other cyber-attacks.
Hacking the hackers
“Considering this forum promotes the sharing of these activities it makes this breach quite ironic,” said researchers, who suggested a vulnerability in the IP.Board forum software used by Nulled was used to execute the attack, as there have been 185 flaws identified in the platform already in 2016.
“The database actually contains 536,064 user accounts with 800,593 user personal messages, 5,582 purchase records and 12,600 invoices which seem to include donation records as well.”
“The accounts compromised all contain user names, email addresses, encrypted passwords, registration dates and registered with IP address. Other tables such as the nexus transactions table for VIP access payments contains User ID (which can be matched back to users in the customers table), payment methods, paypal emails, dates and costs.”
“Further we find API credentials for 3 payment gateways (Paypal, Bitcoin, Paymentwall) as well as 907,162 authentication logs with geolocation data, member id and ip addresses, and 256 user donation records that are able to be matched to the user with member id.”
The Nulled.IO website simply displays a message ‘Temporary unscheduled maintenance’ at the time of publication, but in addition to the reputational damage suffered by the site, the fact that so much of the ‘VIP’ content is in the public domain means its business model has suffered a huge blow.
Experts noted that 19 accounts were registered with ‘.gov’ email addresses in the US, Philippines, Brazil, Turkey and others, meaning it was possible that some authorities were using the forums to gain information. Now with the cloak of anonymity removed, the researchers suggest members might have to worry about being tracked down.
“As you can imagine, this can lead to significant problems for forum users,” they said. “If law enforcement obtains this information, (which no doubt they already have) it can be used to filter out any ‘suspects’ under investigation for possibly conducting illegal activities via the forums.
“With this being such a comprehensive dump of data it offers up a very good set of information for matching a member ID to the attached invoices, transactions and other content such as member messages and posts.”