Unknown hacker leaks 9.45 GB of forum data

May 14, 2016 22:30 GMT

A major underground hacking forum has suffered a data breach this week, after someone hacked into its system, downloaded a copy of the database, and uploaded it online.

The breach took place on April 6, and the hacker released the data online on the same day. On May 12, another file containing 243,787 cracked password hashes popped up online.

Data breach included everything!

According to security firm Risk Based Security, the leaked data was offered as a 1.3 GB tar archive that decompressed to a 9.45 GB db.sql file, which was a dump of the forum's entire database.

Everything from user accounts to private messages, and from VIP forum posts to financial transactions, was included. More precisely, the data contained 536,064 user accounts, 800,593 user personal messages, 5,582 purchase records, and 12,600 invoices.

For each user, leaked data included their forum username, email address, hashed password, join date, IP records, and other forum-related tidbits such as titles and post counts.

Crime investigation agencies are most likely to be interested in this leak since it also includes 907,162 authentication logs with geolocation data that will allow them to tie various criminal activities to IPs, forum usernames, and email addresses.

Data breach could spell the end of Nulled.io

The most interesting content is certainly in the messages section of the database, along with the forum's VIP section. While the PM leaks will reveal how cyber-crime gangs hired new members or coordinated attacks, the VIP section provides access to a set of high-end tools and tutorials that only paying customers had access to before this breach.

Nulled.io is currently still offline for maintenance following the data breach, but with all of its premium content now available for free, it's hard to believe that any hacker will pay for a VIP account ever again.

As for the data breach, its real cause is currently unknown, but the security firm pointed out that Nulled.io was running on the IP.Board forum platform, in which security researchers have uncovered 185 vulnerabilities this year alone.

Also, coincidentally, the data breach comes during the same period in which Sucuri reported seeing attacks against IP.Board forums that exploit the new ImageTragick vulnerability.

Sample from the leaked forum data