Hacking forum Nulled.io breached, member information dumped

Vigilante hackers leak user data for dark web hacker marketplace

A group of dark web hackers has been hacked, with its user database stolen and published online.

Over 473,000 malicious black-hat hackers use the Nulled.io forum to trade in stolen identities and credit cards, software exploits and malware toolkits.

However, unknown cyber-vigilantes have cracked the site's security and made off with a 9.45GB database including the location data, activities and emails of its members.

Advertisement - Article continues below

Exactly how they got in is still unknown, but RiskBased Security pointed out that - ironically - the forum was running on a notoriously insecure software framework.

"Nulled.IO was running the IP.Board community forum commonly known as IP.b or IPb," the firm said. It added that there are "185 total vulnerabilities in IP.Board", and that "it is not hard to make a guess" at the cause of the breach.

These Robin Hood-esque 'counter-hackers' proceeded to dump the database, which features some interesting information.

For starters, 20 of the listed email addresses listed are official '.gov' accounts, from countries including the US, Brazil, Turkey and more.

The authenticity of the breach was confirmed by security expert Troy Hunt, who has a history of discovering and disclosing similar database vulnerabilities.

"Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly," he said.

Advertisement
Advertisement - Article continues below

"While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities."

Advertisement

Recommended

Visit/security/cyber-security/355210/cyber-criminals-torn-over-how-to-adapt-to-post-coronavirus-threat
cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020
Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020