Hackers Hacking Hackers

Call it irony, poetic justice, karma, whatever you like. Nulled.io, a popular website for sharing hacking information, was hacked in the beginning of May. Unfortunately for any hacker wishing to remain anonymous online, the entire database is open for perusal. It contains 536,064 user accounts, 800,593 personal messages between users, 12,600 invoices, 5582 purchase records, and quite a few passwords and IP addresses. Since the hackers paid the website owners to keep such information under wraps, they’re probably just as disgruntled as their previous victims. On the plus side, this presents an excellent opportunity for law enforcement. Law-abiding citizens may also learn a few things from the hackers’ misery.

Nulled.io was using the IP.Board community forum, which has had 185 known security vulnerabilities. Supposedly, all of them are fixed, but that doesn’t account for any new or unknown problems. At the time of this writing, the most widely accepted explanation for how the counterhackers accomplished the breach involves exploiting the numerous holes in the website host’s security. However, given that most security reviews for IPb commend them, there are certainly other possibilities. Nulled also depended on plugins that are not perfectly secure. If nothing else, they act as other possible routes for exploitation. Ars Technica reports that passwords within the site were hashed with MD5, which is a very fast algorithm. That allows a hacker to attempt a whole lot of passwords in a very short amount of time. Eventually, he might find something that works.

Where does that leave the law-abiding citizen? When building a website, always check security features before using a platform. Use good passwords, as you’ve likely been exhorted hundreds of times by now. If you’re a web developer, remember to use strong password hashing with slow algorithms. All users should uninstall unused plugins to minimize potential attacks, and frequently used plugins should be checked often for updates and then updated. So go, ye law-abiding citizens, and update thy passwords and plugins.
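The advice to developers about slow algorithms, as an added example that is not from the original article: salted password storage and verification, plus a measurement of how much more one slow hash costs than one MD5 hash. PBKDF2-HMAC-SHA256 from Python's standard library stands in for "a slow algorithm" here; the function names, the record format and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor, not from the article; tune per hardware


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(digest, bytes.fromhex(hash_hex))
    except ValueError:  # malformed record
        return False


def seconds_per_hash(fn, rounds: int) -> float:
    """Average wall-clock cost of one call to fn()."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times more one slow hash costs than one unsalted MD5 hash."""
    pw, salt = b"constructed-sample-password", os.urandom(16)
    md5_t = seconds_per_hash(lambda: hashlib.md5(pw).digest(), 20_000)
    slow_t = seconds_per_hash(
        lambda: hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS), 2)
    return slow_t / md5_t


if __name__ == "__main__":
    record = hash_password("constructed example passphrase")
    print(record)
    print("verifies:", verify_password("constructed example passphrase", record))
    print(f"one PBKDF2 hash costs about {cost_ratio():,.0f}x one MD5 hash here")
```

Because the work factor is stored in each record, it can be raised later and old records re-hashed the next time their owner logs in.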

