Hacking forum Nulled.io breached, member information dumped

Vigilante hackers leak user data for dark web hacker marketplace

A group of dark web hackers has been hacked, with its user database stolen and published online.

Over 473,000 malicious black-hat hackers use the Nulled.io forum to trade in stolen identities and credit cards, software exploits and malware toolkits.

However, unknown cyber-vigilantes have cracked the site's security and made off with a 9.45GB database including the location data, activities and emails of its members.

Exactly how they got in is still unknown, but RiskBased Security pointed out that - ironically - the forum was running on a notoriously insecure software framework.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Nulled.IO was running the IP.Board community forum commonly known as IP.b or IPb," the firm said. It added that there are "185 total vulnerabilities in IP.Board", and that "it is not hard to make a guess" at the cause of the breach.

These Robin Hood-esque 'counter-hackers' proceeded to dump the database, which features some interesting information.

For starters, 20 of the listed email addresses listed are official '.gov' accounts, from countries including the US, Brazil, Turkey and more.

The authenticity of the breach was confirmed by security expert Troy Hunt, who has a history of discovering and disclosing similar database vulnerabilities.

"Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly," he said.

"While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far/page/0/1
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020