126 Forums of vBulletin Hacked; 819,977 Accounts Leaked on Hacking Forums
It is a shame on all the administrators involved, as they never bothered to update the vBulletin software. A hacker stole information from several forums by taking advantage of a security vulnerability that was discovered in June 2016. The leaked passwords are not in plain text, but it is advisable to have a unique password for each site you visit.
A hacker using the online handle "CrimeAgency" on Twitter claims that he has hacked 126 web forums based on vBulletin (vB), stolen the personal information of registered users and administrators, and then leaked it on an underground hacking forum. Online data mining and breach notification platform Hacked-DB scanned the data. The hack happened between Jan. and Feb. 2017, during which 819,977 user accounts were stolen from vulnerable forums. hardocp.com posted on February 28th, 2017, stating that the stolen data comprises hashed passwords, email addresses, and 1681 unique IP addresses; the email tally by domain is Outlook: 11,070 accounts, Gmail: 219,324 accounts, Hotmail: 121,507 accounts, and Yahoo: 108,777 accounts.
Hacked-DB, a breach notification platform, verified the information after scanning the data.
The hacker appears to have used numerous security vulnerabilities that were reported to vBulletin only recently. The issues are fixed in the latest software versions, although the exploit still works on forums that have not bothered to update. This is simple carelessness or sheer negligence, considering that one of the issues dates back to last summer.
It is very easy to check which websites are using vBulletin by running Google Dorks, which is an exploit database. It is just as easy to view the software versions they use, as well as where to attack.
This is not the first time that vBulletin forums have been victimized by hackers, and surely it will not be the last. Although you might not care whether your forum data got stolen, you might care about your email account being exposed and possibly even hacked. The whole list of forums affected by the hack can be found on Pastebin and consists of boards dedicated to games, torrent sites, artists, etc.
» SPAMfighter News - 06-03-2017