20 May 2016

Behind the NULLED.IO hack


Behind the NULLED.IO hack

Several days ago the public became aware of an attack on a popular hacking website nulled.io. Hackers managed to obtain database dump and published it on the Internet. Unfortunately, the database was modified, and a lot of interesting tables (such as forum posts) were missing in the dump. However, the leaked information is still valuable, because it contains email addresses of website visitors, their hashed passwords, IP addresses, etc.

We have decided to make a small analysis of this information to determine who was using nulled.io. Here are our findings:

Total active members of the community (who published more than 3 posts in form): 145 096

Below is a table of 10 most popular domains for email addresses (72% of all emails):

Domain Accounts
gmail.com 66875
hotmail.com 19052
yahoo.com 7476
outlook.com 3375
naver.com 1491
live.com 1417
wp.pl 1258
qq.com 1190
web.de 1144
mail.ru 1062

Distribution by domains:

Popular domains 104340
Corp. websites 2130
Other websites 38626

In total, the website was visited by 240 people with Czech emails.

seznam.cz 168
email.cz 30
centrum.cz 24
post.cz 4
outlook.cz 3
volny.cz 3
docmail.cz 1
tiscali.cz 1
opengate.cz 1
atlas.cz 1
spalex.cz 1
wellmax-soft.cz 1
sps.hranet.cz 1
hotmail.cz 1



Back to the list

Latest Posts

FIN7 cybercrime gang offers new EDR bypass tool on dark web

FIN7 cybercrime gang offers new EDR bypass tool on dark web

AvNeutralizer is being advertised for prices ranging between $4,000 and $15,000 on various cybercrime forums.
17 July 2024
Critical Apache HugeGraph vulnerability exploited in the wild

Critical Apache HugeGraph vulnerability exploited in the wild

Users are strongly recommended to upgrade to the fixed version as soon as possible.
17 July 2024
TAG-100 cyberspies target Citrix, F5, Cisco appliances in at least 10 countries

TAG-100 cyberspies target Citrix, F5, Cisco appliances in at least 10 countries

The threat actor has employed the Go-based backdoors Pantegana and SparkRAT for post-exploitation.
17 July 2024