Nulled.cr and Nulled.ch Forum Breaches Exposed User Data and Private Messages
Two breaches tied to the Nulled cybercrime forum ecosystem exposed large volumes of member data and private communications after attackers compromised both Nulled.cr and Nulled.ch. The larger incident hit Nulled.cr, where a 2016 hack exposed about 599,000 user accounts and was later leaked publicly, including email addresses, IP addresses, usernames, weak salted MD5 password hashes, and hundreds of thousands of private messages between members.
A separate breach affected Nulled.ch, where a 2020 compromise exposed more than 43,000 records after the stolen data was published on a rival hacking forum. The leaked information included IP addresses, email addresses, usernames, salted MD5 password hashes, and the private message history of the site's administrator, underscoring repeated security failures across closely associated underground forum infrastructure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Stolen Nulled.ch data published on rival hacking forum
After the May 2020 breach, the stolen Nulled.ch data was published on a rival hacking forum. The published data included user account details and the administrator's private message history.
Nulled.ch forum breached, affecting more than 43,000 records
In May 2020, the hacking forum Nulled.ch was breached. More than 43,000 records were compromised, including IP addresses, email addresses, usernames, salted MD5 password hashes, and the private message history of the site's administrator.
Stolen Nulled.cr data leaked publicly
Following the May 2016 compromise, the stolen Nulled.cr dataset was publicly leaked. The leaked material included account data and hundreds of thousands of private messages exchanged between forum members.
Nulled.cr forum hacked and 599,000 accounts exposed
In May 2016, the cracking community forum Nulled.cr suffered a major breach. The incident exposed 599,000 user accounts, including email addresses, IP addresses, weak salted MD5 password hashes, and large volumes of private messages.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
BreachForums Breaches Expose User Data After MyBB Zero-Day Compromise
BreachForums suffered repeated compromises that exposed member data across multiple iterations of the cybercrime forum. An earlier breach leaked details on about **4,000 members**, while a later incident tied to the forum's reboot reportedly spilled data on roughly **325,000 users**, underscoring the scale of exposure affecting one of the most prominent underground marketplaces. Reporting on the more recent compromise said the forum was hit through a **MyBB `0-day`** affecting unpatched software, with forum administrators claiming the intrusion was also linked to a broader law-enforcement crackdown. The incident disrupted the platform, prompted leadership changes including the emergence of a new admin, and highlighted how even criminal forums remain vulnerable to the same software flaws, operational failures, and data-security lapses that they routinely exploit in others.
May 25, 2026
Carding Mafia Forum Breached Twice, Exposing Nearly 600,000 Criminal Marketplace Accounts
The cybercrime forum **Carding Mafia**, which was used for the theft and trading of stolen credit cards, suffered two separate data breaches in 2021 that together exposed records tied to nearly **600,000 member accounts**. One breach in **March 2021** affected nearly 300,000 members, while a second breach in **December 2021** exposed more than 300,000 more, showing repeated compromise of the same criminal platform within nine months. Across the two incidents, the leaked data included **email addresses, usernames, IP addresses, and passwords hashed with salted `MD5`**. Both breaches were classified as **sensitive** and were not made publicly searchable by Have I Been Pwned, but the disclosures highlight that even illicit forums can become sources of credential exposure, infrastructure intelligence, and attribution data for defenders and investigators.
Mar 27, 2026
ShinyHunters Leaks 300,000 BreachForums User Records After Exiting Forum
ShinyHunters said it has abandoned **BreachForums** and released an updated database affecting more than **300,000 users** of the cybercrime marketplace. Reports say the leak goes beyond basic credentials and includes full account profile and activity data, including usernames, email addresses, hashed passwords, salts, IP addresses, login metadata, and forum activity timestamps. The group said maintaining the forum ecosystem became a "waste of time" after the FBI seizure of BreachForums and claimed that all currently active BreachForums domains are fake. ShinyHunters also threatened to publish fuller backups — including private messages, posts, and additional user data — unless the remaining forums shut down, while asserting it holds exploits for all **MyBB 1.8** versions; the identity of the operators behind current BreachForums instances remains unclear, with speculation ranging from opportunistic criminals to possible law enforcement honeypots.
Apr 30, 2026