
vBulletin Hack Exposes 820,000 Accounts from 126 Forums


ARMOUR


 

vBulletin (vB) is an internet forum software widely used by website owners. Lately, there has been a critical vulnerability in the software’s old versions allowing hackers to breach any forum that hasn’t been updated to the latest version.

 

Recently, a hacker going by the online handle of “CrimeAgency” on Twitter is claiming to have hacked 126 vBulletin (vB) based web forums, stealing personal data of forum administrators and registered users and ending up leaking it on an underground hacking forum. The data was scanned by online data mining and breach notification platform Hacked-DB.

 

The hack was conducted between January and February 2017, in which 819,977 user accounts were stolen from the vulnerable forums. The stolen data includes email addresses, hashed passwords, and 1681 unique IP addresses, while the email count based on domains is Gmail: 219,324 accounts, Outlook: 11,070 accounts, Yahoo: 108,777 accounts and Hotmail: 121,507 accounts.

 

Nearly 820,000 forum accounts leaked following an attack taking advantage of a critical vulnerability in the older versions of vBulletin, one of the widely used Internet forum software. 

 

The hacker seems to have used multiple security vulnerabilities reported to vBulletin a while back. The issues have been fixed in the latest versions of the software, but the exploit still works on forums that haven't bothered to update. Considering at least one of the issues dates back to last summer, this is sheer negligence or simple carelessness.

 

The whole list of forums that were affected by the hack can be found in a Pastebin and includes boards dedicated to artists, games, torrent sites, politics and adult movies, to name a few.

 

An overall majority of the hacked forums are based on vBulletin 4.x which can be exploited by multiple security vulnerabilities including SQL injection attacks. According to vBulletin support forums, the issue was reported in June 2016.

 

Source:


Those are some off the wall sites, most of which I have never seen or heard of, which makes me think the reason they were hacked is because they aren't used by computer geeks that would know about security, updates, etc.



  • Administrator

I must mention, we should not congratulate ourselves thinking that just because we are not using that software we are completely secure. We at nsane try to follow all the good security practices and try our best to make sure it's fully secure. But here is a quote by nsane himself:

 

Quote

Nothing in this world is unhackable, it just depends on the expertise of the hacker.

 

Why I am saying this is that while we are expected to follow the good security practices, we ourselves and the members too should not be convinced that the security issues that happen to other forums do not necessarily happen to ours. Nor does it mean we should be having the security of some anti-hacking software company; some people, no I'm not talking about experts like straycat19, just overdo the security part here.



  • Administrator
2 hours ago, 0bin said:

For the future it would be nice to see the https protocol enforced, if there is no particular reason to use http; and maybe review the Tapatalk support because it has many security problems.

 

You mean on nsane.forums. We tried HTTPS, it broke the forums completely. We try to update Tapatalk as much as possible, but updating it on the forum side is not easy though. Never tried it myself and have no idea how useful it is.



  • Administrator
6 minutes ago, 0bin said:

Tapatalk basically binds all the forums you like into a single app, useful if you are away from the PC and like to check multiple forums, like xda and nsane directly on the phone with an icon, but from what I read it completely rewrites some things. I also tested successfully visiting nsane.forums with lynx, and it performed ok.

About the https, maybe in future.

My suggestions for improvement ^-^

 

On the latest version nsane does well on Tapatalk, but I read that many admins on other sites don't adopt Tapatalk because of security problems, aka wilders or mtips.

 

I see. Thanks for the information. We have some members using Tapatalk here. I personally find it annoying to see that message whenever one opens the forums from the mobile. :P

 

I think Tapatalk is getting updated quite frequently and a lot of security issues can arise by how it's configured, but that's my view. The forums you have mentioned are experts in security so they may do so with some reason behind it.

 

I'm not sure what lynx is. Google tells me it's a text based browser.

 

We do have HTTPS on nsane.down, which seems to be working quite fine.

 

I see. Thanks for the information about it.



  • Administrator
4 minutes ago, 0bin said:

Lynx, yes, is a text based browser. I was testing my Raspberry2 because Chromium doesn't go very well on that device, but also with Lynx the forum was perfectly readable, no css and all that stuff, but ok, I like the content. :)

 

The info on the Lynx project is here for reference: http://lynx.invisible-island.net/lynx2.8.8/index.html

 

I see. Thanks for the info about it.

 

As for the suggestions you have mentioned, thanks for them too.
