Slashdot Mirror


Hackers' Website Breached by Hacker (bbc.com)

The Nulled, one of the most popular hacker forums with more than 470,000 members, has suffered a data breach. As a result, email addresses and private messages of all these members have leaked. According to a report on BBC, the leaked data contained more than 5,000 purchase records relating to the exchange of stolen information. From the BBC report: Researchers at Risk Based Security said the data dump contained the "complete forum's database" including 12,600 invoices, usernames, members' PayPal addresses and IP addresses. It also contained millions of forum posts and private messages detailing illegal activities. And some of the data could be used to work out members' identities, if they did not take steps to conceal it. Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

25 of 48 comments

  1. Bad reporting by Nidi62 · · Score: 5, Funny

    They didn't answer the obvious question: did the hackers then turn around and list the stolen data for sale on Nulled?

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    1. Re:Bad reporting by WarJolt · · Score: 3, Insightful

      The obvious question is what kind of hacker posts incriminating evidence on a forum without protecting his/her anonymity. I wonder how many blackhats skipped lesson one?

    2. Re:Bad reporting by PolygamousRanchKid+ · · Score: 1

      Relax. Referring to the story posted earlier today about the Mitt Romney fake hack, maybe this one is about fake hackers not really hacking a fake hacker website . . . ?

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  2. A hacker should know better by Anonymous Coward · · Score: 1

    Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

    How many threads were dedicated to mocking companies using known-vulnerable software or weak algorithms?
    And yet no one thought to harden their own.

  3. warning : memetic hazard! by Thud457 · · Score: 1

    I would just like to say "EYEBALL JERKY"

    Good luck getting that thought out of your head.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  4. Hello Mr Pot... Meet my friend Kettle by bobbied · · Score: 1

    Hey, you are all full of soot, you need to clean that mess up!

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  5. So Much for Professional Courtesy by EmagGeek · · Score: 1

    What ever happened to there being honor among thieves?

    1. Re: So Much for Professional Courtesy by easyTree · · Score: 1

      It went the way of peace among warmongers.

  6. Re:HACK THE PLANET! by p0p0 · · Score: 1

    They can't HACK THE PLANET if we SMASH THE SYSTEM!

  7. How Does It Feel? by JustBoo · · Score: 1

    How does it feel now, motherfuckers? Irony and a weird justice rolled into one.

  8. Inside job ... by CaptainDork · · Score: 1

    ... a backup database moved offsite.

    --
    It little behooves the best of us to comment on the rest of us.
  9. Re:The NSA and FBI by JustBoo · · Score: 1

    Should download the dump and send them all a job posting email blast.

    I suspect various law enforcement agencies are doing that right now.

    "Big Money, apply now. Meet Mr. X in the Basement for an opportunity to have your Dream Job."

  10. Re:could this be considered by Opportunist · · Score: 1

    We prefer the term "culling the weak".

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. what? by micahraleigh · · Score: 1

    Is there NO HONOR AMONG THIEVES ??

    I thought hackers were MODEL CITIZENS!

  12. old news by Robert+Goatse · · Score: 1

    Apparently the site used a super vulnerable version of IP.Board. Riddled with critical security flaws was the term used.

  13. Re:could this be considered by INT_QRK · · Score: 1

    Let's see. What kind of group would be interested in garnering information from hackers communicating with other hackers specifically? An Agency with some mission? A Bureau with some purpose? I wonder.

  14. Re: could this be considered by easyTree · · Score: 1

    A security company advertising its services by having an ad placed within a BBC "news" article ?

  15. Re: The NSA and FBI by Anonymous Coward · · Score: 1

    Sounds like a porn gig. Where do I sign up?

  16. Let me be the first! by JustAnotherOldGuy · · Score: 1

    Let me be the first to say, "LOLZ!!"

    --
    Just cruising through this digital world at 33 1/3 rpm...
  17. What forum software were they using? by JustAnotherOldGuy · · Score: 1

    Does anyone know what forum software they were using? I'd bet it was phpBB or vBulletin or some bug-riddled shit like that.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:What forum software were they using? by JustAnotherOldGuy · · Score: 2

      Ahhh, a little digging revealed it was the IP.board forum software by invisionpower.com, which is a steaming pile of shit under the best of conditions.

      Also, I love how Nulled.io used the tagline "Expect The Unexpected"... they should have taken their own advice, lol.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:What forum software were they using? by JustAnotherOldGuy · · Score: 1

      ...as a user, I always liked Invision more than vBulletin.

      They're both awful.

      vBulletin is expensive, the codebase is a bloody nightmare, and every useful add-on or plugin costs you even more $$$. In a word, it's crap. It has a decent threaded-view function, I'll give it that, though.

      Invision started off okay and rapidly devolved into a pile of disconnected shit. Managing plugins can be a nightmare because some of them conflict, some of them simply don't work, and the admin control panel is a ridiculous joke.

      -

      Also, I'm pretty sure non-'bug-riddled shit' commercial PHP bulletin board software does not exist.

      I disagree. The Simple Machines Forum (SMF) is actually pretty damn good. It's free, has clean code, and thousands of good plugins, most of which are free. It's had a relatively low number of vulnerabilities over the years and when one is found the SMF team jumps on it immediately, sometimes issuing a fix within hours. It's my standard go-to forum package when I need a discussion forum, a base for a CMS, or for a one-off specialty site.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  18. WTF by samantha · · Score: 1

    Why would a site dealing in illegal activities keep possibly real name identifying information and a history of all illegal transactions associated with each? If these be hackers they are damn stupid ones.

  19. Ironic, but not surprising by tom229 · · Score: 1

    As any real security researcher will tell you: no system is 100% secure, no matter what. The best you can do is make your security complex enough that it takes too much time and/or the attacker loses interest. The more complex the security, the bigger the impact on usability; so it's a constant battle. Ironic, but not surprising as a hacking communication platform would be a natural target.

    --
    If it ain't broke, don't fix it.
  20. Re:I want to hack by Coren22 · · Score: 1

    Sure, just send a detailed list of the topics you would like to learn to one of the email addresses found here, and we will get right back to you:

    https://www.fbi.gov/contact-us

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?