Hackers' Website Breached by Hacker

The Nulled, one of the most popular hacker forums with more than 470,000 members has suffered a data breach. As a result of which, email addresses and private messages of all these members have leaked. According to a report on BBC, the leaked data contained more than 5,000 purchase records relating to the exchange of stolen information. From the BBC report: Researchers at Risk Based Security said the data dump contained the "complete forum's database" including 12,600 invoices, usernames, members' PayPal addresses and IP addresses. It also contained millions of forum posts and private messages detailing illegal activities. And some of the data could be used to work out members' identities, if they did not take steps to conceal it. Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

HACK THE PLANET!

[stealth_finger]

HACK THE PLANET!

Re:

[p0p0]

They can't HACK THE PLANET if we SMASH THE SYSTEM!

Bad reporting

[Nidi62]

They didn't answer the obvious question: did the hackers then turn around and list the stolen data for sale on Nulled?

Re:Bad reporting

[WarJolt]

The obvious question is what kind of hacker posts incriminating evidence on a forum without protecting his/her anonymity. I wonder how many blackhats skipped lesson one?

Re:

[PolygamousRanchKid]

Relax. Referring to the story posted earlier today about the Mitt Romney fake hack, maybe this one is about fake hackers not really hacking a fake hacker website . . . ?

A hacker should know better

[Anonymous Coward]

Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

How many threads were dedicated to mocking companies using known-vulnerable software or weak algorithms?
And yet no one thought to harden their own.

Re:

[JustBoo]

Should download the dump and send them all a job posting email blast.

I suspect various law enforcement agencies are doing that right now.

"Big Money, apply now. Meet Mr. X in the Basement for an opportunity to have your Dream Job."

Re: The NSA and FBI

[Anonymous Coward]

Sounds like a porn gig. Where do I sign up?

Re:

[Opportunist]

We prefer the term "culling the weak".

Re:

[INT_QRK]

Let's see. What kind of group would be interested in garnering information from hackers communicating with other hackers specifically? An Agency with some some mission? A Bureau with some purpose? I wonder.

Re: could this be considered

[easyTree]

A security company advertising its services by having an ad placed within a BBC "news" article ?

warning : memetic hazard!

[Thud457]

I would just like to say "EYEBALL JERKY"

Good luck getting that thought out of your head.

Hello Mr Pot... Meet my friend Kettle

[bobbied]

Hey, you are all full of soot, you need to clean that mess up!

So Much for Professional Courtesy

[EmagGeek]

What ever happened to there being honor among thieves?

Re: So Much for Professional Courtesy

[easyTree]

It went the way of peace among warmongers.

How Does It Feel?

[JustBoo]

How does it feel now, motherfuckers? Irony and a weird justice rolled into one.

Inside job ...

[CaptainDork]

... a backup database moved offsite.

what?

[micahraleigh]

Is there NO HONOR AMONG THIEVES ??

I thought hackers were MODEL CITIZENS!

old news

[Robert Goatse]

Apparently the site used a super vulnerable version of IP.Board. Riddled with critical security flaws was the term used.

Let me be the first!

[JustAnotherOldGuy]

Let me be the first to say, "LOLZ!!"

What forum software were they using?

[JustAnotherOldGuy]

Does anyone know what forum software were they using? I'd bet it was phpBB or vBulletin some bug-riddled shit like that.

Re:

[JustAnotherOldGuy]

Ahhh, a little digging revealed it was the IP.board forum software by invisionpower.com [invisionpower.com], which is a steaming pile of shit under the best of conditions.

Also, I love how Nulled.io used the tagline. "Expect The Unexpected"....they should have taken their own advice, lol.

Re:

[JustAnotherOldGuy]

...as a user, I always liked Invision more than vBulletin.

They're both awful.

vBulletin is expensive, the codebase is a bloody nightmare, and every useful add-on or plugin costs you even more $$$. In a word, it's crap. It has a decent threaded-view function, I'll give it that, though.

Invision started off okay and rapidly devolved into a pile of disconnected shit. Managing plugins can be a nightmare because some of them conflict, some of them simply don't work, and the admin control panel is a ridiculous joke.

-

Also, I'm pretty sure non-'bug-riddled shit' commercial PHP bulletin board software does not exist.

I disagree. The Simple Machines Forum (SMF) is actually

WTF

[samantha]

Why would a site dealing in illegal activities keep possibly real name identifying information and a history of all illegal transactions associated with each. If these be hackers they are damn stupid ones.

Ironic, but not surprising

[tom229]

As any real security researcher will tell you: no system is 100% secure, no matter what. The best you can do is make your security complex enough that it takes too much time and/or the attacker loses interest. The more complex the security, the bigger the impact on usability; so it's a constant battle. Ironic, but not surprising as a hacking communication platform would be a natural target.

Re:

[Coren22]

Sure, just send a detailed list of the topics you would like to learn to one of the email addresses found here, and we will get right back to you:

https://www.fbi.gov/contact-us [fbi.gov]