The popular hacker forum Nulled.io has been breached and its members’ details have been made public, Risk Based Security reported last week.
Nulled.io is a forum where roughly 500,000 users have discussed leaks, monetization methods, cracks, and coding. The website is also a place where people buy and sell services, products and compromised credentials.
On May 6, hackers leaked a 1.3Gb archive containing a 9.45Gb database file that stores the details of more than 536,000 Nulled.io user accounts, including usernames, email addresses, hashed passwords, registration dates and IP addresses.
Hackers also made available over 800,000 personal messages exchanged by the site’s users, and thousands of purchase records and invoices.
Nulled.io’s VIP users are also affected by the breach. The compromised database contains a table for VIP access payments, including IDs that can be matched to specific users, payment methods, dates, amounts, and PayPal email addresses. VIP users are probably displeased with the fact that they paid to access content that has now been made public.
Additionally, researchers found that the leaked data includes API credentials for payment gateways, authentication logs, geolocation data, and donation records.
Risk Based Security has analyzed the exposed email addresses and found that some of them are hosted on government domains from the United States, Philippines, Jordan, Brazil, Malaysia, Macao and Turkey.
It’s unclear at this time who is behind the attack and how they managed to obtain the Nulled.io database. However, experts noted that the forum is powered by the IP.Board forum software, which is known to be plagued by many vulnerabilities. Daniel Cid, founder and CTO of Web security firm Sucuri, noted last week that IP.Board forums had been targeted in attacks exploiting a recently disclosed ImageMagick flaw.
“When services such as Nulled.IO are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names,” Risk Based Security wrote in a blog post. “By simply searching by email or IP addresses, it can become evident who might be behind various malicious deeds. As you can imagine, this can lead to significant problems for forum users. If law enforcement obtains this information, (which no doubt they already have) it can be used to filter out any ‘suspects’ under investigation for possibly conducting illegal activities via the forums.”
Nulled.io has been taken offline following the breach. The exposed credentials have been added to the Have I Been Pwned service, which allows users to check if their information has been exposed in a data breach.
Related Reading: 272 Million Email Credentials Discovered in Cybercrime Forum
Related Reading: Hacking Forum Darkode Dismantled in Multi-Nation Operation

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
