Nulled.io, one of the largest buying and selling forum for hacked content has been hacked and almost everything has been stolen!
The year 2016 has been hard on internet users and websites alike since more than 1,076 data breaches have occurred. The latest on this front is that the well-known Nulled.IO, a popular forum for hackers which has been hacked and its data leaked. There are around 473,700 registered users of this forum. The forum offers users the perfect platform for selling and buying leaked content as well as hacked passwords, usernames, software cracks and nulled software. It is indeed ironic that a website that actually facilitates sharing of hacked content has itself become the victim of a hack attack.
The hack attack occurred on 6th May. The data consisted of 1.3GB tar.gz compressed archive. When expanded, this dataset became a 9.45GB SQL file dubbed as db.sql. Actually, the forum runs the IP.Board community that is called IP.b or IPb as well as the IP.Nexus Setup and some of the IPb plugins for its marketing on the forum and other VIP forums.
As of now we cannot confirm how the breach actually occurred since to date, there have been more than 4,500 vulnerabilities in these plugins with IP.Board possessing 185 vulnerabilities in total. It, however, is noticeable that the last user to login to this forum was on 5th May at 10:12:49. This must have provided the hacker adequate time to conduct the breach. But, with this information, one cannot deduce who could be the perpetrator of this attack.
In short everything on the forum has been stolen
The analysis of the leaked data revealed that it was a complete MYSQL database that has been dubbed as nulledforumsdoctr, which indicates that it contains the forum’s entire database. It is also called nulled.cr. In total, the database comprises of 536,064 user accounts. There are around 800,593 personal messages of the forum users, 12,600 invoices, 5,582 purchase records including donation records.
All the details of compromised user accounts have been hacked including usernames, encrypted passwords, email addresses, IP address and registration dates. There are several other tables also included in the leaked database, which includes transactions for VIP access payments, user IDs, payment methods, dates, PayPal emails and amount paid. Moreover, the leaked data also includes 2.2 million posts and miscellaneous content related to the forum, which hints that private content, URLs and another information present on the VIP forum is now open to public access. This is going to severely affect the business model of the forum.
The API credentials of three payment platforms are involved in the leaked data namely PayPal, Paymentwall and Bitcoin. Also, the dumped data includes 907,162 authentication logs containing geolocation data, IP addresses, and member IDs. There are more than 256 records of a donation from users, which were successfully matched with the member ID of the user.
Risk Based Security did an analysis revealing which domains and email platforms users had linked with this service:
The negative aspect of this data leak is that forum like Nulled.IO contain massive records of users and when the data is hacked and leaked those members who want to remain anonymous get exposed to public and law enforcement. The consequences could be drastic for these users.