Show vulnerabilities with patch / with exploit
20 May 2016

Behind the NULLED.IO hack


Behind the NULLED.IO hack

Several days ago the public became aware of an attack on a popular hacking website nulled.io. Hackers managed to obtain database dump and published it on the Internet. Unfortunately, the database was modified, and a lot of interesting tables (such as forum posts) were missing in the dump. However, the leaked information is still valuable, because it contains email addresses of website visitors, their hashed passwords, IP addresses, etc.

We have decided to make a small analysis of this information to determine who was using nulled.io. Here are our findings:

Total active members of the community (who published more than 3 posts in form): 145 096

Below is a table of 10 most popular domains for email addresses (72% of all emails):

Domain Accounts
gmail.com 66875
hotmail.com 19052
yahoo.com 7476
outlook.com 3375
naver.com 1491
live.com 1417
wp.pl 1258
qq.com 1190
web.de 1144
mail.ru 1062

Distribution by domains:

Popular domains 104340
Corp. websites 2130
Other websites 38626

In total, the website was visited by 240 people with Czech emails.

seznam.cz 168
email.cz 30
centrum.cz 24
post.cz 4
outlook.cz 3
volny.cz 3
docmail.cz 1
tiscali.cz 1
opengate.cz 1
atlas.cz 1
spalex.cz 1
wellmax-soft.cz 1
sps.hranet.cz 1
hotmail.cz 1



Back to the list

Latest Posts

Vulnerability summary for the week: May 29, 2020

Vulnerability summary for the week: May 29, 2020

Weekly vulnerability digest.
29 May 2020
Japan defense data may have leaked after cyber attack on Japanese telecommunications giant NTT

Japan defense data may have leaked after cyber attack on Japanese telecommunications giant NTT

NTT Communications said hackers gained access to its internal network and stole information on 621 customers.
29 May 2020
Sandworm hacking group exploiting Exim flaw since at least 2019

Sandworm hacking group exploiting Exim flaw since at least 2019

The NSA is urging system administrators to update Exim by installing version 4.93 or newer to mitigate the vulnerability.
29 May 2020