On May 6, 2016 Nulled.IO tag line ‘expect the unexpected’ became a reality for the hacker forum. An unknown hacker broke through the simple MD5 hashing algorithm securing the website and gained access to a 9.45GB file containing all of the websites information. By securing a sensitive website with such a simple algorithm suggests that the forum didn’t follow their tagline themselves!
Nulled.io is a forum for hackers where they can trade and purchase leaked information (including stolen credentials), hacking tools and cracks as well as have access to Nulled software.
Risk Based Security discovered the hack and found the 3GB compressed file ready to download free on the open Internet. This breach is seen as a gold mine for law enforcement. They now have access to IP addresses, email address and conversations for 473,000 registered users, including information from the seemingly private VIP forums.
Risk Based Security noted:
“If law enforcement obtains this information, (which no doubt they already have) it can be used to filter out any “suspects” under investigation for possibly conducting illegal activities via the forums.
With this being such a comprehensive dump of data it offers up a very good set of information for matching a member ID to the attached invoices, transactions and other content such as member messages and posts.”
The breach also means that VIP access for older contents on the site is now deemed as worthless as it is all freely accessible within the download. This clearly impacts Nulled.IO business model.
The current site is deemed under temporary unscheduled maintenance, and has been since the breach occurred.