18th May 2016
 

A major online hacking forum has been breached by an unknown hacker, with details on 600,000 cyber criminals having now been leaked online.

Nulled.io, whose tagline is ‘expect the unexpected’, was hacked earlier this month, with the file containing the “complete forum’s database” being made easily accessible online to anyone, including law enforcement. Members’ IP addresses, login data, emails, private messages and transaction histories were all among the information taken by the unknown hacker.

Many of the members will have used the forum to share tips on carrying out cyber attacks, as well as sharing stolen account details, and may now have their identities exposed if they have failed to take the necessary steps to conceal it.

The website has since been taken offline, saying that it is undergoing ‘temporary unscheduled maintenance’.

Troy Hunt, an independent security researcher, confirmed the hack, saying: “Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly.

“While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities.”
The passwords for leaked accounts were encrypted, but have since been revealed, reportedly, after being brute-forced.

Dan Gooding, of Ars Technica, said: “The passwords appear to be protected by MD5, a hashing algorithm that’s woefully inadequate for storing passwords, because the underlying algorithm is so fast. The hashes observed by Hunt have cryptographic salts attached to them, so it’s possible the MD5 hashes were iterated enough times to make mass cracking impractical.”

If you want to check if any of your accounts have been compromised, check out haveibeenpwned.com