20 May 2016

Behind the NULLED.IO hack


Behind the NULLED.IO hack

Several days ago the public became aware of an attack on a popular hacking website nulled.io. Hackers managed to obtain database dump and published it on the Internet. Unfortunately, the database was modified, and a lot of interesting tables (such as forum posts) were missing in the dump. However, the leaked information is still valuable, because it contains email addresses of website visitors, their hashed passwords, IP addresses, etc.

We have decided to make a small analysis of this information to determine who was using nulled.io. Here are our findings:

Total active members of the community (who published more than 3 posts in form): 145 096

Below is a table of 10 most popular domains for email addresses (72% of all emails):

Domain Accounts
gmail.com 66875
hotmail.com 19052
yahoo.com 7476
outlook.com 3375
naver.com 1491
live.com 1417
wp.pl 1258
qq.com 1190
web.de 1144
mail.ru 1062

Distribution by domains:

Popular domains 104340
Corp. websites 2130
Other websites 38626

In total, the website was visited by 240 people with Czech emails.

seznam.cz 168
email.cz 30
centrum.cz 24
post.cz 4
outlook.cz 3
volny.cz 3
docmail.cz 1
tiscali.cz 1
opengate.cz 1
atlas.cz 1
spalex.cz 1
wellmax-soft.cz 1
sps.hranet.cz 1
hotmail.cz 1



Back to the list

Latest Posts

Lazarus hackers are luring crypto experts with fake Coinbase job offers

Lazarus hackers are luring crypto experts with fake Coinbase job offers

The new phishing campaign uses a PDF containing details of the job offer at crypto giant Coinbase.
8 August 2022
Rapidly evolving IoT RapperBot malware targets Linux systems using SSH brute force

Rapidly evolving IoT RapperBot malware targets Linux systems using SSH brute force

While RapperBot heavily reuses parts of the Mirai source code, it differs from the original Mirai and typical Mirai-based variants.
8 August 2022
Twitter confirms recent data breach was caused by a vulnerability

Twitter confirms recent data breach was caused by a vulnerability

The company said that a malicious actor took advantage of the issue before it was identified and fixed.
8 August 2022