vBulletin.com Forums Hacked

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,013
Customer accounts are not the same as forum accounts. There could well be 480.000 customer accounts in the customer area + forum.
 

Klaatu

Fan
Joined
Mar 1, 2010
Messages
606
This is ****ing embarrassing. If this skiddie got access to customer data, it could be the final nail in vBulletin's coffin.
 

Danielx64

Developer
Joined
Nov 8, 2009
Messages
3,315
This is ****ing embarrassing. If this skiddie got access to customer data, it could be the final nail in vBulletin's coffin.
Well I was supposed to update my personal details when I got my second hand license but I didn't. So I may be lucky up to a point.
 

s.molinari

Leader of Skooppa
Joined
Sep 14, 2012
Messages
5,035
vB5, the perfect Halloween gift......because it is like Freddie Krueger from a Nightmare on Elm Street. It just keeps coming back to haunt you, even in your sleep! :D

upload_2015-11-1_8-59-29.png

Edit: as another example, go to blogs and click on the first "Last Blog Comments".

Scott
 
Last edited:
  • Like
Reactions: GTB

Joeychgo

TAZ Administrator
Joined
Feb 28, 2004
Messages
6,960
Customer accounts are not the same as forum accounts. There could well be 480.000 customer accounts in the customer area + forum.

48 of which are current customer accounts?
 

BirdOPrey5

#Awesome
Joined
Aug 14, 2008
Messages
4,215
At this time there is no indication customer info was compromised. The screenshot shows what appears to be the user table from the forum database. These are separate databases.

The fields shown in the screenshot are: userid, usergroup, username, email, and a few others, exactly what you would see if you pulled the data out of your own VB user's table.

I can't confirm it's even legitimate as I don't have access to the user table for vbulletin.com, so I'm not confirming it is legit, just that the data is consistent with what you would see in the user table of any VB forum.

If the VB5 database was stolen the stronger blowfish encryption used in VB5 should prevent the mass decoding of users passwords.

I have no additional info than anyone else has by looking at what is posted here, just knowing what a VB5 user table looks like.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
The blowfish will make it harder (quite a bit), but it is not completely impossible to decrypt the PW's

But that still leaves everyone's email and such accessible, and sellable to the right people.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
I can't confirm it's even legitimate as I don't have access to the user table for vbulletin.com, so I'm not confirming it is legit, just that the data is consistent with what you would see in the user table of any VB forum.

Well to confirm beyond a reasonable doubt, you would need access to the user table, but if you look at the recent registrations, and the image posted, they match up. Sure the dude could have loved up the userid' sand mocked something up, but I doubt that.
 

BirdOPrey5

#Awesome
Joined
Aug 14, 2008
Messages
4,215
Well to confirm beyond a reasonable doubt, you would need access to the user table, but if you look at the recent registrations, and the image posted, they match up. Sure the dude could have loved up the userid' sand mocked something up, but I doubt that.
Because of the crowd here I have to be very clear and specific when I type anything. Otherwise later on VB.com there'll be a thread "Joe confirmed the databse was stolen" and that is absolutely not what I am doing, I have no ability to confirm anything like that.
 
Top