Slashdot Mirror


Hackers' Website Breached by Hacker (bbc.com)

The Nulled, one of the most popular hacker forums with more than 470,000 members, has suffered a data breach. As a result, email addresses and private messages of all these members have leaked. According to a report on BBC, the leaked data contained more than 5,000 purchase records relating to the exchange of stolen information. From the BBC report: Researchers at Risk Based Security said the data dump contained the "complete forum's database" including 12,600 invoices, usernames, members' PayPal addresses and IP addresses. It also contained millions of forum posts and private messages detailing illegal activities. And some of the data could be used to work out members' identities, if they did not take steps to conceal it. Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

48 comments

  1. HACK THE PLANET! by stealth_finger · · Score: 0

    HACK THE PLANET!

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
    1. Re:HACK THE PLANET! by p0p0 · · Score: 1

      They can't HACK THE PLANET if we SMASH THE SYSTEM!

  2. Bad reporting by Nidi62 · · Score: 5, Funny

    They didn't answer the obvious question: did the hackers then turn around and list the stolen data for sale on Nulled?

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    1. Re:Bad reporting by WarJolt · · Score: 3, Insightful

      The obvious question is what kind of hacker posts incriminating evidence on a forum without protecting his/her anonymity. I wonder how many blackhats skipped lesson one?

    2. Re:Bad reporting by Anonymous Coward · · Score: 0

      LMAO at the blackhats who don't know to seed other blackhats' info. Cream rises to the top, as always.

    3. Re:Bad reporting by PolygamousRanchKid+ · · Score: 1

      Relax. Referring to the story posted earlier today about the Mitt Romney fake hack, maybe this one is about fake hackers not really hacking a fake hacker website . . . ?

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    4. Re:Bad reporting by Anonymous Coward · · Score: 0

      They didn't answer the obvious question: did the hackers then turn around and list the stolen data for sale on Nulled?

      Hell no! They weren't interested in pocket change - they sold it to 3-letter agencies for big bucks. What's the world coming to when you can't trust a fellow thief?

  3. A hacker should know better by Anonymous Coward · · Score: 1

    Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

    How many threads were dedicated to mocking companies using known-vulnerable software or weak algorithms?
    And yet no one thought to harden their own.

  4. The NSA and FBI by Anonymous Coward · · Score: 0

    Should download the dump and send them all a job posting email blast.

    1. Re:The NSA and FBI by JustBoo · · Score: 1

      Should download the dump and send them all a job posting email blast.

      I suspect various law enforcement agencies are doing that right now.

      "Big Money, apply now. Meet Mr. X in the Basement for an opportunity to have your Dream Job."

    2. Re: The NSA and FBI by Anonymous Coward · · Score: 1

      Sounds like a porn gig. Where do I sign up?

  5. could this be considered by Anonymous Coward · · Score: 0

    cannibalism?

    1. Re:could this be considered by Opportunist · · Score: 1

      We prefer the term "culling the weak".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:could this be considered by INT_QRK · · Score: 1

      Let's see. What kind of group would be interested in garnering information from hackers communicating with other hackers specifically? An Agency with some mission? A Bureau with some purpose? I wonder.

    3. Re: could this be considered by easyTree · · Score: 1

      A security company advertising its services by having an ad placed within a BBC "news" article?

  6. Would you like whipped cream on your just dessert? by Anonymous Coward · · Score: 0

    HAHAHAHAHAHA!!!!!!

    I love it!

  7. Revenge! by Anonymous Coward · · Score: 0

    This is what you get when you mod down too many posters!

  8. warning : memetic hazard! by Thud457 · · Score: 1

    I would just like to say "EYEBALL JERKY"

    Good luck getting that thought out of your head.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  9. Hello Mr Pot... Meet my friend Kettle by bobbied · · Score: 1

    Hey, you are all full of soot, you need to clean that mess up!

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  10. How common an occurrence? by Anonymous Coward · · Score: 0

    You're dealing with people who know how to break things, illegal material that you want to keep private, and you've got to use 3rd party software implementations to store it. You would think this stuff happens a lot more than it's reported.

  11. So Much for Professional Courtesy by EmagGeek · · Score: 1

    What ever happened to there being honor among thieves?

    1. Re: So Much for Professional Courtesy by easyTree · · Score: 1

      It went the way of peace among warmongers.

    2. Re:So Much for Professional Courtesy by Anonymous Coward · · Score: 0

      What ever happened to there being honor among thieves?

      The unicorn ate it.

  12. How Does It Feel? by JustBoo · · Score: 1

    How does it feel now, motherfuckers? Irony and a weird justice rolled into one.

  13. Inside job ... by CaptainDork · · Score: 1

    ... a backup database moved offsite.

    --
    It little behooves the best of us to comment on the rest of us.
  14. what? by micahraleigh · · Score: 1

    Is there NO HONOR AMONG THIEVES ??

    I thought hackers were MODEL CITIZENS!

  15. old news by Robert+Goatse · · Score: 1

    Apparently the site used a super vulnerable version of IP.Board. Riddled with critical security flaws was the term used.

  16. We're not talking thieves by Anonymous Coward · · Score: 0

    We're talking s'kiddies (styling themselves "hackers" and therefore branding themselves posers). Those don't go beyond "LOLWTFBBQROFLCOPTOR". And that's not how you spell "honour".

  17. Hacker apps by Anonymous Coward · · Score: 0

    Hackers hacking hackers seems sort of like apps apping apps.

  18. I'm disappointed by Anonymous Coward · · Score: 0

    over 20 comments and no link to the dump.

    1. Re:I'm disappointed by Anonymous Coward · · Score: 0

      http://siph0n.in/dumps/nulled.io_database_dump_06052016.gz

  19. Is he a blackhat then by Anonymous Coward · · Score: 0

    A vacker? A vger (vigilante something)? A greyhat?

  20. Let me be the first! by JustAnotherOldGuy · · Score: 1

    Let me be the first to say, "LOLZ!!"

    --
    Just cruising through this digital world at 33 1/3 rpm...
  21. What forum software were they using? by JustAnotherOldGuy · · Score: 1

    Does anyone know what forum software they were using? I'd bet it was phpBB or vBulletin, some bug-riddled shit like that.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:What forum software were they using? by JustAnotherOldGuy · · Score: 2

      Ahhh, a little digging revealed it was the IP.board forum software by invisionpower.com, which is a steaming pile of shit under the best of conditions.

      Also, I love how Nulled.io used the tagline "Expect The Unexpected"... they should have taken their own advice, lol.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:What forum software were they using? by Anonymous Coward · · Score: 0

      ...as a user, I always liked Invision more than vBulletin. Mostly because they don't have a *%G&# stupid archive thread view [that Google links you to] that strips the [quote] markers, so you spend half of your time reading quoted content from old posts because it's not marked in any way.

      Also, I'm pretty sure non-'bug-riddled shit' commercial PHP bulletin board software does not exist.

    3. Re:What forum software were they using? by JustAnotherOldGuy · · Score: 1

      ...as a user, I always liked Invision more than vBulletin.

      They're both awful.

      vBulletin is expensive, the codebase is a bloody nightmare, and every useful add-on or plugin costs you even more $$$. In a word, it's crap. It has a decent threaded-view function, I'll give it that, though.

      Invision started off okay and rapidly devolved into a pile of disconnected shit. Managing plugins can be a nightmare because some of them conflict, some of them simply don't work, and the admin control panel is a ridiculous joke.

      -

      Also, I'm pretty sure non-'bug-riddled shit' commercial PHP bulletin board software does not exist.

      I disagree. The Simple Machines Forum (SMF) is actually pretty damn good. It's free, has clean code, and thousands of good plugins, most of which are free. It's had a relatively low number of vulnerabilities over the years and when one is found the SMF team jumps on it immediately, sometimes issuing a fix within hours. It's my standard go-to forum package when I need a discussion forum, a base for a CMS, or for a one-off specialty site.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  22. WTF by samantha · · Score: 1

    Why would a site dealing in illegal activities keep possibly real name identifying information and a history of all illegal transactions associated with each? If these be hackers they are damn stupid ones.

    1. Re:WTF by Anonymous Coward · · Score: 0

      Also what kind of hackers don't use PGP for sensitive data?

  23. Re: Would you like whipped cream on your just dess by Anonymous Coward · · Score: 0

    Is it "just dessert" or "just desserts"?

    As for me, I am happy with just dessert, skipping the meal. (:

  24. Ironic, but not surprising by tom229 · · Score: 1

    As any real security researcher will tell you: no system is 100% secure, no matter what. The best you can do is make your security complex enough that it takes too much time and/or the attacker loses interest. The more complex the security, the bigger the impact on usability; so it's a constant battle. Ironic, but not surprising as a hacking communication platform would be a natural target.

    --
    If it ain't broke, don't fix it.
  25. I want to hack by Anonymous Coward · · Score: 0

    could u teach me how to hack yahoomail password?

    1. Re:I want to hack by Coren22 · · Score: 1

      Sure, just send a detailed list of the topics you would like to learn to one of the email addresses found here, and we will get right back to you:

      https://www.fbi.gov/contact-us

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    2. Re:I want to hack by Anonymous Coward · · Score: 0

      like what topics ??

    3. Re:I want to hack by Anonymous Coward · · Score: 0

      umm like what topics i dont know what to pick ?

    4. Re:I want to hack by Anonymous Coward · · Score: 0

      and i want to get back my yahoomail password because i forgot the password and my cellphone SMS i got broke it. But i know the email address

  26. Hack it by Anonymous Coward · · Score: 0

    could u hack this yahoomail rudy.buray@yahoo.com
    and give it to me please. I'm just a kid