The title sounds quite ironic, but how else would you describe the breach of the hacking forum Nulled.io, a popular forum with hundreds of thousands of members who will probably lose sleep for quite some time?
Nulled.io is a forum used by cybercriminals to trade and purchase leaked information, stolen credentials, nulled software, hacking tools and exploits. According to RiskBased Security, the forum has at least 473,000 registered users.
The forum has been breached, and as it now appears, a compressed 1.3GB file containing the full copy of the 9.45GB forum database is available online.
The breach was discovered by a security team at RiskBased Security, and according to the researchers, Nulled.io used the IP.Board software. This software has 185 recorded vulnerabilities, many of which have no CVE number and so are very likely unpatched.
RiskBased Security reports that the leaked SQL database contains “536,064 user accounts, 800,593 personal messages, 5,582 purchase records and 12,600 invoices”, which include usernames, email addresses, hashed passwords, registration dates and IP addresses.
"Also included are 2.2 million site posts even from private content (the VIP forum)," the researchers said.
But this information is a treasure trove for law enforcement, as they can now crack down on illegal sales of the products of data theft. The leaked files also contain payment methods, PayPal emails, dates and the cost of products and services sold on the forum, which can be used for investigative purposes by cyber security experts.
In a first analysis, RiskBased Security even discovered that forum users were using e-mail addresses ending in .edu (suggesting students or even academics) and .gov, from countries including the US, Turkey, Brazil, Malaysia and Jordan.
Other popular e-mail services used to sign up to Nulled.io include Gmail, Hotmail, Yahoo and Mail.ru.