UPDATED 17:20 EST / MAY 16 2016

NEWS

Hacking forum gets hacked itself

In a karmic case of the metaphorical shoe being on the other foot, a forum dedicated to stealing and sharing stolen information, credentials, and content was itself hacked, and the information on its 500,000 users leaked onto the net.

The target was Nulled.io, an underground forum in which users share software cracks, content leaks, and stolen personal information and credentials. The breach resulted in the theft of 9.45 gigabytes of information, including user information, IP addresses, passwords, and payment information such as PayPal emails and costs. In short, it was a huge sum of personal information.

Ars Technica notes that private message conversations were also leaked, in which users discuss notably illegal activities such as installing keyloggers, breaking into Hotmail accounts accounts, and trading stolen Bitcoin and PayPal accounts. With over 2 million posts and 800,000 private messages, there’s a lot of incriminating evidence that can be linked to the various user accounts.

While the means of breaching the forum are currently unknown, Threat Post reports, the options are not limited; the IP.Board forum, made by Invasion Power Services, Inc., has over 100 known vulnerabilities, so the hacker had plenty of options. It seems a little ironic that a forum for and about hackers would use a forum type with so many weaknesses, but hindsight is 20-20, as the saying goes.

According to Risk Based Security, Inc.:

“When services such as Nulled.io are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names. By simply searching by email or IP addresses, it can become evident who might be behind various malicious deeds. With this being such a comprehensive dump of data, it offers up a very good set of information for matching a member ID to the attached invoices, transactions, and other content such as member messages and posts.”

Given the content in question on the forum, it’s no wonder why its members would want to keep their identities secret. In addition to tying names and faces to any number of cyber crimes, the forum members should know very well what kind of damage can be done with the information that was stolen and leaked.

Still, for a site whose tagline is “Expect the unexpected,” maybe they should have expected this.

Photo by The Preiser Project 

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU