Privacy News vBulletin Hack Exposes 820,000 Accounts from 126 Forums

Bot

AI-powered Bot
Thread author
Apr 21, 2016
4,371
Nearly 820,000 forum accounts leaked following an attack taking advantage of a critical vulnerability in the older versions of vBulletin, one of the widely used Internet forum software.

A hacker going on Twitter by CrimeAgency claims to have hacked 126 forums running on vBulletin, stealing personal data belonging to forum admins and registered users, before leaking everything to an underground hacking forum.

The information was verified by breach notification platform Hacked-DB after they managed to scan the data.

Hack Read reports the attack was conducted between January and February 2017. The hacker managed to get his hands on 819,977 user accounts, including email addresses, hashed passwords, as well as 1681 unique IP addresses. Most of the accounts were linked to Gmail - over 219,000, followed by 121,000 Hotmail accounts and 108,000 Yahoo accounts.

The hacker seems to have used multiple security vulnerabilities reported to vBulletin a while back. The issues has been fixed on the latest versions of the software, but the exploit still works on forums that haven't bothered to update. Considering at least one of the issues dates back to last summer, this is sheer negligence or simple carelessness.

Checking which websites use vBulletin is quite easy, such as running Google Dorks, an exploit database. It's just as easy to see which software versions they use and where to attack.

Read more: vBulletin Hack Exposes 820,000 Accounts from 126 Forums
 

generalwu

Level 5
Verified
Well-known
Jan 25, 2016
219
just got a email alert from "have I been pwned", it's good that some people is actively helping others out.

Kudos to them. :cool:
 
  • Like
Reactions: LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top