vBulletin.com Forums Hacked

gog1970

Enthusiast
Joined
Jun 25, 2015
Messages
189
I have seen that before. It looks weird, why do they need all that info?

After reading this thread and then seeing the request for information my first thought was it was a sly plot by hackers to gain info lol
I now realise that's not the case,still has me wondering why
 

HallofFamer

Habitué
Joined
Sep 6, 2010
Messages
1,336
Look like they are back to normal now, what happened before seems to be another hacking attempt. The question is, have they learned anything during the last few times VB was hacked. If so, did they take any measures to fix the security problem, or just reset server and clients passwords.
 

PoetJC

⚧ Jacquii: Kween of Hearts ⚧
Joined
Jul 9, 2006
Messages
21,033
Are we sure it was a hacking attempt though? I just surfed to vB.org and wasn't logged out. They've not instituted a forced password reset as they generally do after a hacking attempt... It could have simply been a server issue? Or ... maybe not?... :confused:

J.
 

Kevin

Oooh, something shiny!
Joined
Jul 13, 2004
Messages
3,435
Is it normal when they go down to ask for name,number,email etc,first time i have ever seen that before
Maybe they were hoping that whoever took the server down this time would submit their confact info.
Are we sure it was a hacking attempt though? I just surfed to vB.org and wasn't logged out. They've not instituted a forced password reset as they generally do after a hacking attempt... It could have simply been a server issue? Or ... maybe not?... :confused:

J.
With vBulletin being so oriented on transparency I'm sure we'll find out soon.






:rofl:
 

ManagerJosh

Adherent
Joined
Oct 24, 2004
Messages
337
Maybe they were hoping that whoever took the server down this time would submit their confact info.

With vBulletin being so oriented on transparency I'm sure we'll find out soon.






:rofl:

The only thing transparent happening right now is it's fall from grace.
 

BirdOPrey5

#Awesome
Joined
Aug 14, 2008
Messages
4,213
To me it looked like our standard customer contact form without any CSS styling. I haven't heard anything about the downtime being even remotely hacking related.
 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,935
Just to clear up the latest paranoia, there was no hacking, that was simply due to the database server being offline.

The screenshot is of the default contact form that magento puts up when it encounters an error.
I suspect you got it because "forums.vbulletin.com" is not the correct url to use for the forums (I'm surprised it still works tbh).
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,537
For people that want to see if details have been taken https://haveibeenpwned.com/ Also it checks for other websites to LinkedIn, Adobe, Ownedcore. This is the full list https://haveibeenpwned.com/PwnedWebsites

My details taken from vBulletin:

vBulletin: In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records. The breach included email addresses, birth dates, security questions and answers for customers and salted hashes of passwords for both sources.

Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords, Security questions and answers, Spoken languages, Website activity
 

Danielx64

Developer
Joined
Nov 8, 2009
Messages
3,315
For people that want to see if details have been taken https://haveibeenpwned.com/ Also it checks for other websites to LinkedIn, Adobe, Ownedcore. This is the full list https://haveibeenpwned.com/PwnedWebsites

My details taken from vBulletin:

vBulletin: In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records. The breach included email addresses, birth dates, security questions and answers for customers and salted hashes of passwords for both sources.

Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords, Security questions and answers, Spoken languages, Website activity
That would be the same for everyone I think.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,397
Twice for me, once at vBulletin and the other with Adobe. The Adobe hack was of no consequence because I registered with disposable details but vBulletin was another matter. That compromise taught me a valuable lesson, to never again submit so much personal data to a website.
 

Danielx64

Developer
Joined
Nov 8, 2009
Messages
3,315
Twice for me, once at vBulletin and the other with Adobe. The Adobe hack was of no consequence because I registered with disposable details but vBulletin was another matter. That compromise taught me a valuable lesson, to never again submit so much personal data to a website.
I got 6 :(
 

Deimos

Devotee
Joined
Oct 21, 2007
Messages
2,825
Pwned on 9 breached sites and found 1 paste (subscribe to search sensitive breaches)
Jeebus! lol and yea, Vbulletin is on that list.
 
Top