[BreachExchange] vBulletin Hack Exposes 820, 000 Accounts from 126 Forums

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 28 18:55:57 EST 2017


http://news.softpedia.com/news/vbulletin-hack-exposes-
820-000-accounts-from-126-forums-513416.shtml

Nearly 820,000 forum accounts leaked following an attack taking advantage
of a critical vulnerability in the older versions of vBulletin, one of the
widely used Internet forum software.

A hacker going by CrimeAgency on Twitter claims to have hacked 126 forums
running on vBulletin, stealing personal data belonging to forum admins and
registered users, before leaking everything to an underground hacking forum.

The information was verified by breach notification platform Hacked-DB
after they managed to scan the data.

Hack Read reports the attack was conducted between January and February
2017. The hacker managed to get his hands on 819,977 user accounts,
including email addresses, hashed passwords, as well as 1681 unique IP
addresses. Most of the accounts were linked to Gmail - over 219,000,
followed by 121,000 Hotmail accounts and 108,000 Yahoo accounts.

The hacker seems to have used multiple security vulnerabilities reported to
vBulletin a while back. The issues have been fixed on the latest versions
of the software, but the exploit still works on forums that haven't
bothered to update. Considering at least one of the issues dates back to
last summer, this is sheer negligence or simple carelessness.

Checking which websites use vBulletin is quite easy, such as running Google
Dorks, an exploit database. It's just as easy to see which software
versions they use and where to attack.

Wide range of forums

This isn't the first time vBulleting forums have fallen victim to hackers,
and it certainly won't be the last. While you may not really care whether
your forum data has been stolen, you may care that your email account can
be seen and maybe even hacked.

The complete list of forums that were affected by the hack can be found in
a Pastebin and includes boards dedicated to artists, games, torrent sites,
politics and adult movies, to name a few.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170228/f62be85c/attachment.html>


More information about the BreachExchange mailing list