A major underground hacking forum suffered a data breach this week, after someone hacked into its system, downloaded a copy of the database, and uploaded it online.
The breach took place on April 6, and the hacker released the data online on the same day. On May 12, another file popped up online containing 243,787 cracked password hashes.
Data breach included EVERYTHING!
According to the security firm, the leaked data was offered as a 1.3 GB tar archive that decompressed to a 9.45 GB db.sql file, which was a dump of the forum’s entire database.
Everything from user accounts to private messages, and from VIP forum posts to financial transactions, was included. More precisely, the data contained 536,064 user accounts, 800,593 user personal messages, 5,582 purchase records, and 12,600 invoices.
For each user, the leaked data included the forum username, email address, hashed password, join date, IP records, and other forum-related tidbits such as titles and post counts.
Crime investigation agencies are most likely to be interested in this leak since it also includes 907,162 authentication logs with geolocation data that will allow them to tie various criminal activity to IPs, forum usernames, and email addresses.
Data breach could spell the end of Nulled.io
The most interesting content is certainly in the messages section of the database, along with the forum’s VIP section. While the PM leaks will reveal how cyber-crime gangs hired new members or coordinated attacks, the VIP section provides access to a set of high-end tools and tutorials which only paying customers had access to, prior to this breach.
Nulled.io is currently still offline for maintenance following the data breach, but with all of its premium content now available for free, it’s hard to believe that any hacker will pay for a VIP account ever again.
The cause of the data breach is currently unknown, but the security firm pointed out that Nulled.io was running on the IP.Board forum platform, in which security researchers uncovered 185 vulnerabilities this year alone.
Also, coincidentally, the data breach comes in the same time interval in which Sucuri reported seeing attacks with the new ImageTragick vulnerability.