Nulled.IO, a hacking forum, has been hacked, and the leaked data includes about 800,000 messages from the forum. Data on 536,000 of its users is also visible to everyone on the public Internet. The forum’s tagline is “expect the unexpected,” but I don’t think they were expecting this one.
The forum is used mostly by cyber criminals who have gotten hold of leaked information and want to trade or purchase it. It also hosts stolen credentials, nulled software, hacking tools and cracks for hackers. Details of the person responsible for the hack and leak are not known at the moment.
The hack resulted in the leak of a 1.3 GB compressed archive which, when uncompressed, contains around 9.5 GB of the database copied from the forum. The file was posted on the public web on the 6th of May and is still available to the public. RiskBased Security’s team discovered the breach. The team said that the hack probably succeeded because of the forum’s use of the IP.Board community forum software. That software has about 185 vulnerabilities recorded to date. Many of the flaws do not even have a CVE number, which means that they are probably not patched yet.
Given all the ways the attacker could have gotten into the system, the news that the forum was hacked is not surprising.
At the moment, Nulled.IO has an offline page with a message that says “temporary unscheduled maintenance.” Most of the victims have moved on to another online forum, which they are using as their sounding board.
The researchers who discovered the hack said the data dump also contains 2.2 million posts and other content from the site, even content from the VIP section. If VIP access is made useless, the whole business model of the forum would clearly be impacted.
The leak will be welcome to law enforcement agencies trying to bring down illegal sales and theft by cyber attack. The dump also contains payment methods, which means researchers and cybersecurity specialists can use the information for research.
RiskBased Security did their own research and got some interesting results. In their investigation, they discovered that most of the email accounts used ended with .edu and .gov, which suggested that students and academics, together with government officials from countries such as Turkey, the US, Brazil, Malaysia and Jordan, were some of the most prominent users of the site.
Users also registered with the Nulled.IO forum through other email services such as Gmail, Hotmail, Yahoo, and Mail.ru.