vBulletin.com Forums Hacked

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,933
Assuming you are referring to that link, I only see vB listed once, 500,000 accounts (which I would guess is the forum).
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,520
Assuming you are referring to that link, I only see vB listed once, 500,000 accounts (which I would guess is the forum).
I do not think so, because security questions and answers were also in that database, so it must be more than forum only or it must be one weird data structure.
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,002
Assuming you are referring to that link, I only see vB listed once, 500,000 accounts (which I would guess is the forum).
Nope they got it all. Including information that is not in the forum system but in the license & ticket system.
 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,933
I do not think so, because security questions and answers were also in that database, so it must be more than forum only or it must be one weird data structure.
Since I have not seen "that database", I would not know what's in it.
I simply stated it was a guess based on the record count - given that there are not 1/2 million user records in the ticket system, not even close, but the forum is probably not that far off.

Either way, that's not really the point of my post.
The original post stated "its amazing to see how many vbulletin forums were hacked in 2015".
The link however does not seem to have anything to do with that completely random statement.
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,002
The link shows the major sites below, but hacks of other sites are not listed, but were reported in the media. But there also were thousands of vbulletin sites hacked in 2013, so it may seem a random statement from that perspective indeed. And maybe I'm biased. Probably actually, since my big board was also on the receiving end of vbulletin exploits.


Gamerzplanet

In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Compromised data: Email addresses, IP addresses, Passwords, Usernames


iPmart
During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 368k accounts were added to "Have I been pwned" in March 2016 bringing the total to over 2.4M.

Compromised data: Dates of birth, Email addresses, Passwords, Usernames

MPGH
In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

PS3Hax
In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

PSX-Scene
In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Compromised data: Email addresses, IP addresses, Passwords, Usernames


R2Games
In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked. A further 11M accounts were added to "Have I been pwned" in March 2016 bringing the total to over 13M.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

vBulletin
In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack led to the release of both forum user and customer accounts totalling almost 519k records. The breach included email addresses, birth dates, security questions and answers for customers and salted hashes of passwords for both sources.

Compromised data: Dates of birth, Email addresses, Homepage URLs, Instant messenger identities, IP addresses, Passwords, Security questions and answers, Spoken languages, Website activity
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,520
Since I have not seen "that database", I would not know what's in it.
I simply stated it was a guess based on the record count - given that there are not 1/2 million user records in the ticket system, not even close, but the forum is probably not that far off.

Either way, that's not really the point of my post.
The original post stated "its amazing to see how many vbulletin forums were hacked in 2015".
The link however does not seem to have anything to do with that completely random statement.
Well it was amazing how many sites were hacked that run vBulletin but it's because you have many sites running the software. If you take all sites that were hacked it's amazing, but the link to that site has indeed nothing to do with it. Also the ticket system is only one part of the system; it's all data that they talk about, so that can include ticket, forum and back-end. The lucky thing is that you don't save credit card numbers unhashed in the system.
 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,933
The link shows the major sites below, but hacks of other sites are not listed, but were reported in the media. But there also were thousands of vbulletin sites hacked in 2013, so it may seem a random statement from that perspective indeed. And maybe I'm biased. Probably actually, since my big board was also on the receiving end of vbulletin exploits.
I'm not really sure what your point is, other than to selectively attack VB simply because servers or sites that happen to run vb forums get hacked (regardless of how they actually got hacked). Sites are being hacked worldwide on a daily basis, regardless of what forum software they run (or if they even run a forum at all). It's not some unique problem involving vbulletin, or indeed via vbulletin. As I recall, the IB [VB] sites have been hit 3 times in the last six or so years, only one of those was knowingly done via an exploit in the forum software (quite an obscure one as well, but valid nevertheless).
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,002
Sites are hacked for mostly two reasons: poor site security and because of what software they run. For vbulletin there have been two major hacking waves in recent years. The first in 2013 when a 0 day vulnerability allowed attackers to access thousands of websites and the second in October 2015 when another 0 day exploit was out in the wild and a month later Coldzer0 accessed all of our admin accounts on vbulletin.com to boot.
So yes, it indeed matters what software you use. I am not a fan of how IB has handled their security issues over the years. I lost count how many vulnerabilities were found by external parties, while IB is still not addressing the issue proactively.
At least IPS hired an external party to do a security audit. IMHO it was time for IB to do the same about 6 years ago.

I agree that sites get hacked all the time with all kinds of software. But that's a little bit lame reasoning when looking at hacking waves targeting a mass of vb sites after a vbulletin 0 day exploit is released in the hackers community.
 

lordi

Adherent
Joined
Oct 9, 2011
Messages
317
again vbulletin hacked news

A hacker going by CrimeAgency on Twitter claims to have hacked 126 forums running on vBulletin, stealing personal data belonging to forum admins and registered users, before leaking everything to an underground hacking forum.

The information was verified by breach notification platform Hacked-DB after they managed to scan the data.

Hack Read reports the attack was conducted between January and February 2017. The hacker managed to get his hands on 819,977 user accounts, including email addresses, hashed passwords, as well as 1681 unique IP addresses. Most of the accounts were linked to Gmail - over 219,000, followed by 121,000 Hotmail accounts and 108,000 Yahoo accounts.

The hacker seems to have used multiple security vulnerabilities reported to vBulletin a while back. The issues have been fixed on the latest versions of the software, but the exploit still works on forums that haven't bothered to update. Considering at least one of the issues dates back to last summer, this is sheer negligence or simple carelessness.

Checking which websites use vBulletin is quite easy, such as running Google Dorks, an exploit database. It's just as easy to see which software versions they use and where to attack.
Source:

Code:
http://news.softpedia.com/news/vbulletin-hack-exposes-820-000-accounts-from-126-forums-513416.shtml
List of hacked forums:

Code:
http://pastebin.com/h1Rpq0UL
 