Wayne Luke, technical support lead at vBulletin, recently announced that the company's security team had uncovered "sophisticated attacks on our network, involving the illegal access of forum user information" (h/t Softpedia).
According to Luke, the attackers appear to have accessed vBulletin customer IDs and encrypted passwords -- in response, all customer passwords have been reset.
The hackers told Softpedia by e-mail that they had leveraged a "critical vulnerability" in vBulletin version 4.x.x and 5.x.x. "We've got upload shell in vBulletin server, download databse and got root," they wrote. "MacRumors.com was based on vBulletin CMS. We use 0day exploit on vBulletin, got password moderator. 860000 hacked too. The network security is a myth."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
In response, DEF CON recently shut down its forums, replacing them with a page stating, "We have disabled the forums until there is resolution on a possible vulnerability."