Skip to main content

Hackers hack hacking website Nulled, leak user information

The email addresses and private messages of over 470,000 members of the popular hacking website Nulled have been leaked following a data breach.

The website served as a marketplace where its users could buy and sell the account details they stole from users along with hacking advice and tips. The data that was leaked from Nulled contained over 5,000 purchase records that detailed how the stolen information available on the site's marketplace was exchanged between users.

Currently the site has been taken offline after the data breach and is apparently in the process of receiving “routine maintenance.” According to researchers working at Risk Based Security, the database of the entire forum was leaked which includes 12,600 invoices, usernames, IP addresses and even the PayPal addresses of its members.

Forum posts and private messages were also included in the leak which thoroughly detailed the illegal activities that occurred frequently on the site. If any of Nulled's users failed to conceal their identities previously, the information divulged in the leak could be used to reveal their identities.

Risk Based Security also noticed that the website used a weak hashing algorithm to protect the passwords of its members and that the message board software it used was known to contain security vulnerabilities.

The independent security research Troy Hunt was able to confirm the breach and expound on the fact that even hackers are vulnerable to cyber attacks: “Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly. While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities.”

While it will take some time for investigators and third parties to look over the information contained in the leak, we will soon see how well the cybercriminals affected by the attack were able to protect themselves from the very same sort of attack which they often participate in.

Image Credit: Love the Wind / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.