Nulled.io Hacking Forum Suffers Data Breach
A major underground hacking forum suffered a data breach this week, after someone hacked into their system, downloaded a copy of the database, and uploaded it online. The breach took place on April 6, and the hacker released the data online on the same day. On May 12, another file popped up online containing 243,787 cracked password hashes.
According to security firm Risk Based Security, the leaked data was offered as a 1.3 GB tar archive that decompressed to a 9.45 GB db.sql file, which was a database dump of the forum's entire database.
Everything from user accounts to private messages, and from VIP forum posts to financial transactions, was included. More precisely, the data contained 536,064 user accounts, 800,593 user personal messages, 5,582 purchase records, and 12,600 invoices.
For each user, the leaked data included the forum username, email address, hashed password, join date, IP records, and other forum-related tidbits such as titles and post counts.
Crime investigation agencies are most likely to be interested in this leak since it also includes 907,162 authentication logs with geolocation data that will allow them to tie various criminal activity to IPs, forum usernames, and email addresses.
The most interesting content is certainly in the messages section of the database, along with the forum's VIP section. While the PM leaks will reveal how cyber-crime gangs hired new members or coordinated attacks, the VIP section provides access to a set of high-end tools and tutorials which only paying customers had access to prior to this breach.
Nulled.io is currently still offline for maintenance following the data breach, but with all of its premium content now available for free, it's hard to believe that any hacker will ever pay for a VIP account again.
The cause of the data breach is currently unknown, but the security firm pointed out that Nulled.io was running on the IP.Board forum platform, in which security researchers uncovered 185 vulnerabilities this year alone.
Also, coincidentally, the data breach comes in the same time interval in which Sucuri reported seeing attacks against IP.Board forums that exploit the new ImageTragick vulnerability.