The popular hacker forum Nulled.io has been breached and its members’ details have been made public, Risk Based Security reported last week.
Nulled.io is a forum where roughly 500,000 users have discussed leaks, monetization methods, cracks, and coding. The website is also a place where people buy and sell services, products and compromised credentials.
On May 6, hackers leaked a 1.3Gb archive containing a 9.45Gb database file that stores the details of more than 536,000 Nulled.io user accounts, including usernames, email addresses, hashed passwords, registration dates and IP addresses.
Hackers also made available over 800,000 personal messages exchanged by the site’s users, and thousands of purchase records and invoices.
Nulled.io’s VIP users are also affected by the breach. The compromised database contains a table for VIP access payments, including IDs that can be matched to specific users, payment methods, dates, amounts, and PayPal email addresses. VIP users are probably displeased with the fact that they paid to access content that has now been made public.
Additionally, researchers found that the leaked data includes API credentials for payment gateways, authentication logs, geolocation data, and donation records.
Risk Based Security has analyzed the exposed email addresses and found that some of them are hosted on government domains from the United States, Philippines, Jordan, Brazil, Malaysia, Macao and Turkey.
It’s unclear at this time who is behind the attack and how they managed to obtain the Nulled.io database. However, experts noted that the forum is powered by the IP.Board forum software, which is known to be plagued by many vulnerabilities. Daniel Cid, founder and CTO of Web security firm Sucuri, noted last week that IP.Board forums had been targeted in attacks exploiting a recently disclosed ImageMagick flaw.
“When services such as Nulled.IO are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names,” Risk Based Security wrote in a blog post. “By simply searching by email or IP addresses, it can become evident who might be behind various malicious deeds. As you can imagine, this can lead to significant problems for forum users. If law enforcement obtains this information, (which no doubt they already have) it can be used to filter out any ‘suspects’ under investigation for possibly conducting illegal activities via the forums.”
Nulled.io has been taken offline following the breach. The exposed credentials have been added to the Have I Been Pwned service, which allows users to check if their information has been exposed in a data breach.
Related Reading: 272 Million Email Credentials Discovered in Cybercrime Forum
Related Reading: Hacking Forum Darkode Dismantled in Multi-Nation Operation