- HTTP & SOCKS
- unlimited bandwidth
- Price starting from $0.08/IP
- Locations: EU, America, Asia
Nulled.IO: Should’ve Expected The Unexpected! – Risk Based …
May 10, 2016 • RBS
Last week a well known “hacker” forum became victim to the fast growing list of over 1, 076 data breaches that have occurred so far in 2016. The forum was compromised and data was leaked on May 6th consisting of a 1. 3GB compressed archive which when expanded is a 9. 45GB SQL file named
is a hacking based forum that, according to their website, appears to have 473, 700 registered users who share, sell and buy leaked content, stolen credentials, nulled software and software cracks. Considering this forum promotes the sharing of these activities it makes this breach quite ironic. was running the community forumcommonly known as IP. b or IPb. It appears that the forum was also running a Setup for its market place as well as VIP forums among a few other IPb plugins. While we do not have confirmation as to how this breach occurred at this point, there has been over 4, 500 vulnerabilities to date in 2016, and with 185 total vulnerabilities in (92 of them do not have a CVE by the way! ) it is not hard to make a guess! The last user to login to the forum was on 2016-05-06 10:12:49, providing a very good time frame of when the breach occurred, but it still does not give any idea who was behind this attack.
When examining the data we find that it is a full MySQL dump of a database named nulledforumsdotcr. As you might be able to guess contains the complete forums database for which is also known as The database actually contains 536, 064 user accounts with 800, 593 user personal messages, 5, 582 purchase records and 12, 600 invoices which seem to include donation records as well.
The accounts compromised all contain user names, email addresses, encrypted passwords, registration dates and registered with IP address. Other tables such as the nexus transactions table for VIP access payments contains User ID ( which can be matched back to users in the customers table), payment methods, paypal emails, dates and costs.
Since it is a full dump of the forums, also included are 2. 2 millions posts and all of the other site related content which means that private content, links and other information from the VIP forums is now public. This means the VIP access for older content is worthless, clearly impacting business model. Further we find API credentials for 3 payment gateways (Paypal, Bitcoin, Paymentwall) as well as 907, 162 authentication logs with geolocation data, member id and ip addresses, and 256 user donation records that are able to be matched to the user with member id.
One question that we receive quite often at RBS is about attribution. People generally want to know who are the actors behind these kinds of attacks and who is using “hacker” forums such as
We did some quick analysis of the email addresses and providers registered to offer some insight into who is using this service.
Email statistics from forum:
Email providers with more than 10, 000 matches.
As conversations continue about Cyber Warfare and offensive capabilities being used and developed by nation states, it is interesting to see 19 accounts were registered with based domains including the United States, Philippines, Brazil, Turkey and others. Further it was curious to see that 8 of the government accounts were marked as “User Group 5”, which is for Banned Accounts, the rest were either activated members with posts or awaiting activation.
So why is this leak important?
When services such as are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names. By simply searching by email or IP addresses, it can become evident who might be behind various malicious deeds. As you can imagine, this can lead to significant problems for forum users. If law enforcement obtains this information, (which no doubt they already have) it can be used to filter out any “suspects” under investigation for possibly conducting illegal activities via the forums. With this being such a comprehensive dump of data it offers up a very good set of information for matching a member ID to the attached invoices, transactions and other content such as member messages and posts.
- HTTP & SOCKS
- unlimited bandwidth
- Price starting from $0.08/IP
- Locations: EU, America, Asia
Nulled – Wikipedia
For the term “nulled” as a synonym of “cracked”, see Software cracking.
NulledType of siteForumURLCommercialYesRegistrationRequired to access featuresCurrent statusActive
Nulled is an online forum board with over 4 million members as of 2021,  mostly used by people involved in cybercrime to trade and purchase leaked or hacked information.  Nulled started in 2015, and is one of the largest cracking forums to date.
In 2016 it became known as the target of a data breach which helped law enforcement to obtain information about possible ‘suspects’, who were registered on Nulled. 
Security Breach (May 2016)
On 16 May 2016, Nulled was hacked and its database leaked.  The leaked data contained 9. 65GB of users’ personal information.  The leak included a complete MySQL database file which contained the website’s entire data.  This data breach included 4, 053 user accounts, their PayPal email addresses,  along with cracked passwords,  800, 593 user personal messages, 5, 582 purchase records and 12, 600 invoices.  The data breach also exposed email addresses hosted on government domains.  The identity of the crew that took down Nulled’s database is not known, but there was speculation that state-sponsored hackers were involved.  Another article reported that a Romanian group claimed responsibility for the data breach. 
This security breach was investigated by several security researchers, who identified numerous critical vulnerabilities, with the used software and plugins – which was a gateway to server-side code execution, which could be exploited.
^ LLC, LIFARS (17 May 2016). “Hacking Marketplace Hacked Cybersecurity News”. LIFARS, Your Cyber Resiliency Partner. Retrieved 14 August 2019.
^ a b c Osborne, Charlie. ” hacking forum data breach exposes attackers in the shadows”. ZDNet. Archived from the original on 28 July 2019. Retrieved 14 August 2019.
^ a b “Data Leaked From Hacker Forum | “.. Archived from the original on 14 August 2019. Retrieved 14 August 2019.
^ a b c ” Should’ve Expected The Unexpected! “. RBS. 10 May 2016. Retrieved 14 August 2019.
^ Cimpanu, Catalin. “Famous Hacking Forum Suffers Devastating Data Breach”. softpedia. Retrieved 14 August 2019.
^ Kyoung, Son (17 May 2016). “유명 해킹포럼 ” 해킹… 전체 사용자 정보 유출”. ZDNet Korea.
^ ” Hacking Forum Hacked, Trove of Data Stolen”. HackRead. 16 May 2016. Retrieved 14 August 2019.
^ “The popular crime forum pwned by hackers”. Security Affairs. Archived from the original on 23 November 2018. Retrieved 14 August 2019.
^ “В Интернет выложен полный дамп базы хакерского сайта “. (in Russian). Retrieved 14 August 2019.
^ “Don’t laugh, but one of the world’s top hacker websites just got hacked”. Metro. 17 May 2016. Retrieved 14 August 2019.
^ a b at 22:17, Iain Thomson in San Francisco 17 May 2016. “Dark web hacking forum hacked and members’ privates exposed”.. Retrieved 14 August 2019.
^ Aldershoff, Jan Willem (10 May 2016). “Hackers obtain userdata and private messages of crack sharing community”. Retrieved 14 August 2019.
Products – Nulled
Users browsing this forum: BlueSphynx, Google (1), gfitcreate, loco141, LuffyxNami, AkamiGaKill, IrenNull, digitaltrader, XenoZamas, EbayDropship, Kirkoswald, Accountiify, Callmedragon, Yerrrr, ixrkxi, G1venchy, BlueApron, pamperry196, HeadlessHorror, AlexMercerXD, Hacker0o7, AlwaysAlpha, MuaythaiSpatula, SexoBayco, RobertBrandon, BranBrownie, GrizzlyApp, KAZZASR, Gator767sv, 20 Guest(s)
Last Post Info
| Powerful RDP, VPS and Dedicated Servers | Starting at £6 | Cracking allowed | Windows & Linux | PP & BTC
1 year ago
Started by KSZ
01 Nov, 2021
[No VOIP][CHEAP] SMS Verification! Real Numbers. [AUTOMATIC]
2 years ago
Started by JuicyProgrammin
Yesterday, 12:00 PM
PREMIUM RESIDENTIAL PROXIES | 0. 15$ / GB | FREE TRIALS |
2 weeks ago
Started by FuseFire
21 Oct, 2021
⭐⭐ WEB BASED CRYPTO TRADING BOT ⭐⭐ NO DEPOSITS ⭐⭐ NO DOWNLOADS
3 days ago
Started by BlueSphynx
02 Nov, 2021
OSRSCloudChecker – Oldschool Runescape Account Checker + BankYoinker
Started by Anonymous
19 Aug, 2021
| CHEAP LOL LOOT | 1$ ORBS | FULLY AUTOMATED SYSTEM | INSTANT DELIVERY | MOST REGIONS SUPPORTED | DEDICATED…
1 week ago
Started by SugarDaddy
Yesterday, 11:16 PM
Selling Signature Space [3 SPOTS AVAILABLE]
Started by Agile
26 Oct, 2021
Selling Signature Space – LAST SPACE AVAILABLE! +120, 200 Profile views – BOOST YOUR SALES NOW!
Started by Castiel
08 Oct, 2021
[WTS] Openbullet2/OpenBullet/Silverbullet/SentryMBA/STORM Custom Config Service (IOS/WEB/APP)
3 years ago
Started by D1NO
28 Sep, 2021
[NEW SERVER] Daddy’s Auction House | Marketplace For SE’d & Refunded Items | Sell your items here
3 months ago
Started by Daddy
Today, 04:26 AM
UHQ AIO Keker | Brute Modules | Capture Modules | Valid Mail Modules | DababyAIO
14 hours ago
Started by GangCeo
Today, 03:47 AM
[All apps] [1TB Cloud] Cheapest Adobe Creative Cloud all-over the Internet! One-month only for $15!
Started by digitaltrader
Today, 03:41 AM
Disposable PayPal accounts for the cheapest price, BUY NOW!
U3818DW – USA DROP – 10 To 14 BUSINESS DAYS – 500$
3 weeks ago
Started by EbayDropship
Today, 03:30 AM
IN NEED OF A BULK BUYER FOR PHYSICAL ITEMS
1 hour ago
Started by IrenNull
Today, 03:29 AM
DISNEY PLUS 1 – 3 – 6 – 12 MONTHS BTC & PAYPAL
2 months ago
Started by Accountiify
Today, 03:18 AM
NordVPN | 1 – 3 – 6 – 12 MONTHS | BTC & PAYPAL
Today, 03:17 AM
Selling 3 Weekly keys
4 months ago
Started by G1venchy
Today, 02:57 AM
Overwatch [Critical Hit] Legit / Rage & Powerful Features! |Ticket To Top 500s
7 months ago
Started by AlexMercerXD
Today, 02:35 AM
AUTO BUY | MICROSOFT OFFICE 365 5TB ONEDRIVE LIFETIME – $4
Started by Hacker0o7
Today, 02:32 AM
→ Premium Sellers