Hackers' Website Breached by Hacker

The Nulled, one of the most popular hacker forums with more than 470,000 members has suffered a data breach. As a result of which, email addresses and private messages of all these members have leaked. According to a report on BBC, the leaked data contained more than 5,000 purchase records relating to the exchange of stolen information. From the BBC report: Researchers at Risk Based Security said the data dump contained the "complete forum's database" including 12,600 invoices, usernames, members' PayPal addresses and IP addresses. It also contained millions of forum posts and private messages detailing illegal activities. And some of the data could be used to work out members' identities, if they did not take steps to conceal it. Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

Bad reporting

[Nidi62]

They didn't answer the obvious question: did the hackers then turn around and list the stolen data for sale on Nulled?

Re:Bad reporting

[WarJolt]

The obvious question is what kind of hacker posts incriminating evidence on a forum without protecting his/her anonymity. I wonder how many blackhats skipped lesson one?

Re:What forum software were they using?

[JustAnotherOldGuy]

Ahhh, a little digging revealed it was the IP.board forum software by invisionpower.com, which is a steaming pile of shit under the best of conditions.

Also, I love how Nulled.io used the tagline. "Expect The Unexpected"....they should have taken their own advice, lol.