The email addresses and private messages of over 470,000 members of the popular hacking website Nulled have been leaked following a data breach. Nulled is a forum where hackers exchange stolen credit card details, malware-creation kits and even cracks to common software platforms. A unnamed hackers have breached into the site’s database and published a 9.45GB SQL file named db.sql showing the emails, location data, and activities of those who logged on.
Currently the forum has been taken offline after the data breach and is apparently in the process of receiving “routine maintenance.” According to researchers working at Risk Based Security, the database of the entire forum was leaked which includes 12,600 invoices, usernames, IP addresses and even the PayPal addresses of its members.
It isn’t found how the breached had occured till now , there have been more than 4,500 vulnerabilities in these plugins with IP.Board possessing 185 vulnerabilities in total. Moreover, the leaked data also includes 2.2 million posts and miscellaneous content related to the forum, which hints that private content, URLs and another information present on the VIP forum is now open to public access. This is going to severely affect the business model of the forum.
Risk Based Security did an analysis revealing which domains and email platforms users had linked with this service: