An unidentified hacker turned the tables on Nulled.io, a popular online forum that facilitates cybercriminal activity, by compromising its website and publicly dumping its sensitive user data and communications.
According to a blog post last week from Risk Based Security (RBS), the perpetrator struck on May 6, doxing the Nulled website in the form of a 1.3 GB archive that actually held 9.45 GB worth of compressed data. The archive was found to contain over 536,000 user accounts including names, email addresses, encrypted passwords, registration dates and IP addresses. A transactions table for VIP customers also featured user IDs that can be matched back to their corresponding user accounts. Private communications on the forum were also published on the doxing site, which RBS declined to identify.
Altogether, RBS researchers counted about 2.2 million posts, including over 800,000 personal messages, nearly 6,000 purchase records and about 12,600 invoices. There were also API credentials for three different payment methods, and over 900,000 authentication logs with geolocation data, member IDs and IP addresses.
The Nulled website typically offers visitors a forum to buy, sell or share stolen content and credentials, as well as illegitimately modified software, but has been pulled down for “temporary unscheduled maintenance,” according to a message on its home page. RBS speculated, but has not confirmed, that Nulled was likely breached via a vulnerability in its IP.Board community forum service from Invision Power Services, Inc.
Content shared on the site's premium VIP forum was also exposed; consequently, VIP access for this content is now worthless, “clearly impacting [the] Nulled.io business model,” the blog stated. Still, the doxing could potentially inflict some collateral damage, because the leaked content also includes samples of stolen data that users of Nulled's VIP section had previously posted as proof to potential buyers. This, in effect, doubly exposes a select number of Nulled's original victims.
Clearly, the potential ramifications for Nulled's users are significant. “I would say the biggest implication is the exposure of the information for analysis by law enforcement,” said Inga Goddjin, EVP and managing director of insurance service at Risk Based Security, in an interview with SCMagazine.com. “They have an interest in what happens in these forums, who's participating, who's involved in what type of activity.”
Meanwhile, the site itself has also taken a hit. “Once a site like that has been compromised, it does have a lot of trust implications,” said Goddjin. “Obviously, users might be reluctant to go back there.”