A group of dark web hackers has been hacked, with its user database stolen and published online.
Over 473,000 malicious black-hat hackers use the Nulled.io forum to trade in stolen identities and credit cards, software exploits and malware toolkits.
However, unknown cyber-vigilantes have cracked the site's security and made off with a 9.45GB database including the location data, activities and emails of its members.
Exactly how they got in is still unknown, but RiskBased Security pointed out that - ironically - the forum was running on a notoriously insecure software framework.
"Nulled.IO was running the IP.Board community forum commonly known as IP.b or IPb," the firm said. It added that there are "185 total vulnerabilities in IP.Board", and that "it is not hard to make a guess" at the cause of the breach.
These Robin Hood-esque 'counter-hackers' proceeded to dump the database, which features some interesting information.
For starters, 20 of the listed email addresses listed are official '.gov' accounts, from countries including the US, Brazil, Turkey and more.
The authenticity of the breach was confirmed by security expert Troy Hunt, who has a history of discovering and disclosing similar database vulnerabilities.
"Data breaches like this remind us that even criminal elements are not immune from having their identities disclosed and released publicly," he said.
"While many of them no doubt took precautions to hide their true identities, inevitably many others will now be feeling very nervous at the prospect of being outed while engaged in fraudulent activities."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
