Hacking Forum Hack Exposes 473,000 Members And 2.2m Posts

A popular hacking forum has itself suffered a major data breach, with identifiable information on 473,700 registered users, private messages and restricted posts compromised.

Researchers at Risk Based Security say the Nulled forum was compromised on 6 May, with 9.45GB of data and 2.2 million posts dumped.

Members used the forums to share, sell and buy leaked content, stolen credentials, nulled software and software cracks, meaning the leak is significant as the information could be used to identify perpetrators of other cyber-attacks.

Hacking the hackers

“Considering this forum promotes the sharing of these activities it makes this breach quite ironic,” said researchers, who suggested a vulnerability in the IP.Board forum software used by Nulled was used to execute the attack, as there have been 185 flaws identified in the platform already in 2016.

“The database actually contains 536,064 user accounts with 800,593 user personal messages, 5,582 purchase records and 12,600 invoices which seem to include donation records as well.”

“The accounts compromised all contain user names, email addresses, encrypted passwords, registration dates and registered with IP address. Other tables such as the nexus transactions table for VIP access payments contains User ID (which can be matched back to users in the customers table), payment methods, paypal emails, dates and costs.”

“Further we find API credentials for 3 payment gateways (Paypal, Bitcoin, Paymentwall) as well as 907,162 authentication logs with geolocation data, member id and ip addresses, and 256 user donation records that are able to be matched to the user with member id.”


Wider ramifications

The Nulled.IO website simply displays a message ‘Temporary unscheduled maintenance’ at the time of publication, but in addition to the reputational damage suffered by the site, the fact that so much of the ‘VIP’ content is in the public domain means its business model has suffered a huge blow.

Experts noted that 19 accounts were registered with ‘.gov’ email addresses in the US, Philippines, Brazil, Turkey and others, meaning it was possible that some authorities were using the forums to gain information. Now with the cloak of anonymity removed, the researchers suggest members might have to worry about being tracked down.

“As you can imagine, this can lead to significant problems for forum users,” they said. “If law enforcement obtains this information, (which no doubt they already have) it can be used to filter out any ‘suspects’ under investigation for possibly conducting illegal activities via the forums.

“With this being such a comprehensive dump of data it offers up a very good set of information for matching a member ID to the attached invoices, transactions and other content such as member messages and posts.”


Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
