Even hackers are not immune to cyber attacks. The email addresses and private messages of over 470,000 members of a major online hacking forum have been leaked following a data breach earlier this month.
Nulled.io, whose tagline is “expect the unexpected”, was hacked and a file containing a complete database of their 473,700 users was made accessible online to anyone, including law enforcement. Members’ data — including login credentials, emails, transaction histories, PayPal addresses and IP addresses — were all acquired by an unknown hacker.
Whilte the site is currently offline, it had served as a forum where its users could buy and sell stolen account information, along with hacking advice, tips, software cracks, and stolen credentials. The leaked data contained more than 5,000 purchase records relating to the exchange of stolen information. Forum posts and over 800,000 private messages were also included in the leak, which thoroughly detailed the illegal activities that occurred frequently on the site.
Experts claim to have a good idea of how the breach occurred. The website used a weak hashing algorithm to protect the passwords of its members and the message board software it used was known to contain thousands of vulnerabilities.
Independent security researcher Troy Hunt was able to confirm the breach and explain that even hackers are vulnerable to cyber attacks: “Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly. While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities.”
While it will likely take some time for investigators to pour over the incriminating information contained in the leak, matching a member ID to the attached invoices, transactions, member messages and posts could lead law enforcement to the exact individuals behind various cybercrimes.
Karma’s a beach.