In what must surely be the ultimate definition of irony, one of the world’s largest hacking forums has been hacked and had the private details of over half a million users dumped online.
The Nulled.IO board is used to trade and sell credit card and leaked identity information, hacking tools, cracks, and malware-creation kits. On May 6th, the hacker or hackers responsible for the breach dumped a 1.3 GB compressed archive online, which, when expanded, is a 9.45 GB SQL file containing details of the website’s cybercriminal users and their activities.
According to RiskBased Security, which discovered the breach, the attack was likely possible due to Nulled.IO’s use of the IP.Board community forum, which has a number of known vulnerabilities.
"Considering this forum promotes the sharing of these activities, it makes this breach quite ironic. Nulled.IO was running the IP.Board community forum commonly known as IP.b or IPb. It appears that the forum was also running an IP.Nexus Setup for its market place as well as VIP forums among a few other IPb plugins," said the company.
"While we do not have confirmation as to how this breach occurred at this point, there have been over 4,500 vulnerabilities to date in 2016, and with 185 total vulnerabilities in IP.Board (92 of them do not have a CVE by the way!) it is not hard to make a guess!"
RiskBased Security said the full dump contains 536,064 user accounts, 800,593 user personal messages, 5,582 purchase records and 12,600 invoices, which could include donation records. There are also payment methods, PayPal emails, usernames, email addresses, hashed passwords, registration dates, registered IP addresses, and details of transactions.
All this information will, of course, likely be of interest to law enforcement officials, especially as it contains so much information about illegal activities.
A particularly interesting discovery made by the RiskBased Security team is that there are 20 .gov email accounts in the leaked database that originate from countries such as the US, Turkey, the Philippines, Brazil, Malaysia, and Jordan. There are also a large number of addresses that end in .edu, which is associated with institutions of higher education.
It’s not known who was responsible for the breach, but the incident shows that no one, not even the hackers themselves, is safe when it comes to these kinds of leaks.