vBulletin Hacked

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Wayne Luke, technical support lead at vBulletin, recently announced that the company's security team had uncovered "sophisticated attacks on our network, involving the illegal access of forum user information" (h/t Softpedia).

According to Luke, the attackers appear to have accessed vBulletin customer IDs and encrypted passwords -- in response, all customer passwords have been reset.

Softpedia reports that members of Inj3ct0r Team have claimed responsibility for the attack on vBulletin, as well as last week's breach of the MacRumors Forums.

The hackers told Softpedia by e-mail that they had leveraged a "critical vulnerability" in vBulletin version 4.x.x and 5.x.x. "We've got upload shell in vBulletin server, download databse and got root," they wrote. "MacRumors.com was based on vBulletin CMS. We use 0day exploit on vBulletin, got password moderator. 860000 hacked too. The network security is a myth."

In response, DEF CON recently shut down its forums, replacing them with a page stating, "We have disabled the forums until there is resolution on a possible vulnerability."