Hackers' website breached by hacker

Nulled website offline page stating scheduled maintenance Image copyright Nulled
Image caption The Nulled website is currently offline

The email addresses and private messages of more than 470,000 members of a hacking website have been leaked online following a huge data breach.

The Nulled website was a popular marketplace for stolen account details and hacking tips.

The leaked data contained more than 5,000 purchase records relating to the exchange of stolen information.

The site has been taken offline, stating it is undergoing "routine maintenance".

Image copyright Risk Based Security
Image caption Nulled sold access to a VIP message board where cybercriminals could exchange tips

Researchers at Risk Based Security said the data dump contained the "complete forum's database" including 12,600 invoices, usernames, members' PayPal addresses and IP addresses.

It also contained millions of forum posts and private messages detailing illegal activities.

And some of the data could be used to work out members' identities, if they did not take steps to conceal it.

Risk Based Security added the website had used message board software with known vulnerabilities, and the site also used a weak hashing algorithm to protect members' passwords.

The data breach was confirmed by independent security researcher Troy Hunt.

"Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly," said Mr Hunt.

"While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities."

Related Topics

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites