Someone has a sense of irony: A well-known hacker forum dubbed Nulled.IO has been itself compromised, leading to the release of a treasure trove of pwn data.
Nulled.IO said that it has 473,700 registered users who share, sell and buy leaked content, stolen credentials, nulled software and software cracks. According to Risk Based Security, the database that was leaked includes critical information about the users of the forum, including 536,064 user accounts with 800,593 personal messages, 5,582 purchase records and 12,600 invoices, which seem to include donation records as well.
The accounts compromised all contain user names, email addresses, encrypted passwords, registration dates and registered with IP address. Other tables such as the nexus transactions table for VIP access payments contains User ID (which can be matched back to users in the customers table), payment methods, PayPal emails, dates and costs.
But that’s not all: Also, including are API credentials for three payment gateways (PayPal, Bitcoin, Paymentwall) as well as 907,162 authentication logs with geolocation data, member ID and IP addresses, and 256 user donation records that are able to be matched to the user with member ID.