I think Null left Redis wide open on one of the non-Cloudflare servers (e.g. kiwifarms.pl). I've had it happen where software firewalls fail to start after a reboot due to kernel updates and then accidentally leave a server wide open. So these kinds of mistakes happen quite often if you're using a regular "bare" VPS without a hardware firewall, and it was only a matter of time before some random port scanner bot found it anyway (though it would have helped for Redis to be password protected, it's common for it not to be if only clients from the private network are supposed to connect).
Then you could just connect with a Redis client, list all keys, and download them. I think all the .txt files are cache fragments, but someone would need to look into the XenForo source to confirm if these are commonly cached page fragments. The emails come from your account settings page where you can edit your own email, and perhaps @Null could improve things by censoring them like a*@b*.c*.
The IPs were probably part of the cache keys or something to make sure people were served the correct fragments.
What I don't understand is why it all ended up as Markdown. Perhaps XenForo caches multiple output formats and he happened to download the MD one.
Personally I would have released only the IPs + emails in a CSV with no further explanation. I think that would have spooked Null more as it would be less obvious how they were stolen.
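
Added example, not part of the post above and not code from any project it mentions: a small audit that reads a `redis.conf` and reports which safeguards are missing for the failure mode the post describes, where the host firewall does not come up after a reboot and Redis itself is the only remaining barrier. The sample configs are constructed, the function names are hypothetical, and only the standard `bind`, `requirepass` and `protected-mode` directives are inspected.

```python
import ipaddress

# Constructed sample redis.conf contents, not taken from any real server.
SAMPLE_OPEN = "bind 0.0.0.0\nport 6379\nprotected-mode no\n"
SAMPLE_PRIVATE = ('bind 127.0.0.1 10.0.0.5\nprotected-mode yes\n'
                  'requirepass "constructed-placeholder-secret"\n')

def parse_conf(text):
    """Map each directive to its arguments; this parser keeps the last occurrence."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = [p.strip("\"'") for p in parts[1:]]
    return conf

def is_loopback(addr):
    addr = addr.lstrip("-")  # Redis 6.2+ accepts a "-" prefix on bind addresses
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or a hostname: assume reachable from other hosts

def audit(text):
    """Return the safeguards missing on a Redis that listens beyond loopback.

    Only redis.conf directives are inspected; ACL users are not.
    """
    conf = parse_conf(text)
    # With no bind directive Redis listens on all interfaces.
    binds = conf.get("bind") or ["*"]
    exposed = [b for b in binds if not is_loopback(b)]
    if not exposed:
        return []  # loopback only: unreachable from the network either way
    findings = []
    if not any(conf.get("requirepass", [])):
        findings.append("no-auth")
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode-off")
    return findings

if __name__ == "__main__":
    for name, text in [("open", SAMPLE_OPEN), ("private", SAMPLE_PRIVATE)]:
        print(name, audit(text) or "ok")
```

Running a check like this at boot, alongside a check that the firewall service actually started, catches the case where a kernel update silently removes the only network control.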