Assuming you are referring to that link, I only see vB listed once, 500,000 accounts (which I would guess is the forum).
Since I have not seen "that database", I would not know what's in it.I do not think so, because security questions and answers where also in that database, so it must be more then forum only or it must be one weird data structure.
Since I have not seen "that database", I would not know what's in it.
I simply stated it was a guess based on the record count - given that there are not 1/2 million user records in the ticket system, not even close, but the forum is probably not that far off.
Either way, thats not really the point of my post.
The original post stated "its amazing to see how many vbulletin forums were hacked in 2015".
The link however does not seem to have anything to do with that completely random statement.
I'm not really sure what your point is, other than to selectivly attack VB simply because servers or sites that happen to run vb forums get hacked (regardless of how they actually got hacked). Sites are being hacked worldwide on a daily basis, regardless of what forum software they run (or if they even run a forum at all). Its not some unique problem involving vbulletin, or indeed via vbulletin. As I recall, the IB [VB] sites have been hit 3 times in the last six or so years, only one of those was knowingly done via an exploit in the forum software (quite an obscure one as well, but valid nevertheless).The link shows the major sites below, but hacks of other sites are not listed, but were reported in the media. But there also were thousands of vbulletin sites hacked in 2013, so it may seem a random statement from that perspective indeed. And maybe I'm biased. Probably actually, since my big board was also on the receiving end of vbulletin exploits.
A hacker going by CrimeAgency on Twitter claims to have hacked 126 forums running on vBulletin, stealing personal data belonging to forum admins and registered users, before leaking everything to an underground hacking forum.
The information was verified by breach notification platform Hacked-DB after they managed to scan the data.
Hack Read reports the attack was conducted between January and February 2017. The hacker managed to get his hands on 819,977 user accounts, including email addresses, hashed passwords, as well as 1681 unique IP addresses. Most of the accounts were linked to Gmail - over 219,000, followed by 121,000 Hotmail accounts and 108,000 Yahoo accounts.
The hacker seems to have used multiple security vulnerabilities reported to vBulletin a while back. The issues have been fixed on the latest versions of the software, but the exploit still works on forums that haven't bothered to update. Considering at least one of the issues dates back to last summer, this is sheer negligence or simple carelessness.
Checking which websites use vBulletin is quite easy, such as running Google Dorks, an exploit database. It's just as easy to see which software versions they use and where to attack.