Other vBulletin Hack Exposes 820,000 Accounts

alimac



vBulletin (vB) is an internet forum software widely used by website owners. Lately, there has been a critical vulnerability in the software’s old versions allowing hackers to breach any forum that hasn’t been updated to the latest version.

Recently, a hacker going by the online handle of “CrimeAgency” on Twitter is claiming to have hacked 126 vBulletin (vB) based web forums, stealing personal data of the forums’ administrators and registered users and ending up leaking it on an underground hacking forum. The data was scanned by online data mining and breach notification platform Hacked-DB.

The hack was conducted between January and February 2017, in which 819,977 user accounts were stolen from the vulnerable forums. The stolen data includes email addresses, hashed passwords, and 1681 unique IP addresses, while the email count based on domains is Gmail: 219,324 accounts, Outlook: 11,070 accounts, Yahoo: 108,777 accounts and Hotmail: 121,507 accounts.

Nearly 820,000 forum accounts leaked following an attack taking advantage of a critical vulnerability in the older versions of vBulletin, one of the widely used Internet forum software.

The hacker seems to have used multiple security vulnerabilities reported to vBulletin a while back. The issues have been fixed in the latest versions of the software, but the exploit still works on forums that haven't bothered to update. Considering at least one of the issues dates back to last summer, this is sheer negligence or simple carelessness.

The whole list of forums that were affected by the hack can be found in a Pastebin and includes boards dedicated to artists, games, torrent sites, politics and adult movies, to name a few.
