The title sounds quite ironic, but how else would you describe the violation that happened in the hacking forum Nulled.io a popular forum with hundreds of thousands of members who will probably lose their sleep for quite some time.
Nulled.io is a forum used by cyber criminals to trade and purchase information that has leaked, stolen credentials, nulled software, hacking tools and exploits. According to RiskBased Security, the forum has at least 473.000 registered users.
The forum was hacked and it seems that it is currently circulating freely on the internetnetwork ένα συμπιεσμένο αρχείο των 1.3GB που περιέχει το πλήρες copy of baseof forum data which reaches 9.45GB.
The breach was discovered by a security team at RiskBased Security, and according to the researchers, Nulled.io used the IP.Board software. This software has 185 recorded vulnerabilities many of which have not got CVE number and so very likely are unpatched.
RiskBased Security reports that the leaked SQL database contains "536.064 user accounts, 800.593 personal messages, 5.582 purchase registrations and 12.600 invoices", which include usernames, emails, hashed passwords, registration dates and IP addresses.
"Also included are 2,2 million site posts even from private content (the VIP forum)," the researchers said.
The information όμως αυτές είναι θησαυρός για τις αρχές επιβολής του νόμου καθώς μπορούν πλέον να πατάξουν παράνομες πωλήσεις προϊόντων κλοπής δεδομένων. Τα αρχεία που διέρρευσαν περιέχουν επίσης μεθόδους πληρωμής, μηνύματα ηλεκτρονικού ταχυδρομείου της PayPal, ημερομηνίες και το κόστος των προϊόντων και των υπηρεσιών που πωλούνταν στο forum, τα οποία μπορούν να αξιοποιηθούν για ερευνητικούς σκοπούς από τους ειδικούς της ασφάλειας στον κυβερνοχώρο.
RiskBased Security even discovered with a first analysis that forum users were using e-mail with endings in .edu (suggesting students or even academics) and .gov from countries including the US, Turkey, Brazil, Malaysia and Jordan.
Other popular email services used for Nulled.IO registration include Gmail, Hotmail, Yahoo and Mail.ru.