VBulletin Issue Leaks Almost a Million Accounts From Various Forums

Almost 820 000 accounts hosted on various Internet forums have been leaked due to an exploit caused by running an older version of the software.

VBulletin Forums Leak A Lot Of Data

A new large-scale vBulletin hack was recently reported by security experts. According to the available information the dumped database contains almost 820 000 accounts from 126 forums. The exploit was verified by the breach notification service Hacked-DB, the attacks were conducted between January and February 2017. The information includes the usernames, email addresses, hashed passwords and the associated IP addresses.

Most of the accounts were linked to the most widely used free email services – Gmail, Hotmail and Yahoo. The criminals behind the attack probably utilized multiple security issues that have been reported to being available in older versions of the VBulletin software. In the latest version they have been removed, however it seems that a large number of online communities have not updated their installations at the time of the intrusion. The initial announcement about the security problems were posted in June 2016:

“A security issue was reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you’re using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible.”

The forums running the software can easily be identified by using ordinary search engines. The security experts report that the following sites have been affected by the leak.

2ndfloor.org
aippm.com
aosts.net
atheistfoundation.org.au
aussievapers.com
backcountrytalk.earnyourturns.com
barcaforum.com
bdsmfap.com
http://birdphotographers.net
http://blacklistedsociety.com
http://blaze-gaming.net
http://bleachmyasylum.com
http://bluepark.co.uk
http://bluepearl-skins.com
http://board.uscho.com
http://breezesysforum.co.uk
http://callofduty-community.com
http://calltermination.com
http://campgroundmaster.com
canwatchco.ca
http://clan-gameover.com
http://clubdbsa.org
http://community.freebord.com
http://community.playkot.com
darkmills.cc
http://darkstar-gaming.com
http://devil-group.com
http://divxup.com
http://doublefinish.com
http://downloadpolitics.com

Front Page


http://eirtakon.com
http://elluel.net
http://ewebdiscussion.com
http://filmleaf.net
http://fishingboard.net
http://foilforum.com
http://forum.atlasti.com
http://forum.diversitynursing.com
http://forum.epygi.com
http://forum.jdmstyletuning.com
http://forum.pitofwar.com
http://forum.rompvp.com
http://forum.zenstudios.com
http://forums.augi.com
http://forums.bandainamcogames.com
http://forums.cashisonline.com
http://forums.kingsoftherealm.com
http://forums.mra-racing.org
http://forums.prowrestling.com
http://forums.superbetter.com
http://forums.supertrapp.com
forums.zarafa.com
fpvlab.com
free-dc.org
ftxgames.com
gaijingamers.com
gonegambling.com
gossamerblue.com
greenstandardsltd.com
gtsportstalk.com
hawkeshealth.net
hindudharmaforums.com
italianhax.com
joyheat.com
kirupa.com
koboxingforum.com
leakninja.com
ludoria.net
maiestas.org
marijuanagrowing.com
mernetwork.com
mixbizz.com
mtsboard.com
narc.net
new-smoke.com
nflfans.com
nifgaming.eu
nsxprime.com
ozzmodz.com
pascalgamedevelopment.com
pashnit.com
pathfinder-airsoft.com
pixelentity.com
pixelgoose.com
progressiveears.org
psychonaut.com
rangevideo.com
reasonforums.com
ridetherock.com
righttorebel.net
riseofchampions.com
roaddevils.com
safeskyhacks.com
scenesat.com
sectionseven.net
sedona.com
sledderforums.com
smallblockposse.com
smallworlds.com
spurstalk.com
supermensa.org
swgreckoning.com
systemtools.com
techimo.com
tequila.net
tetongravity.com
texasguntalk.com
the420room.com
thefobl.com
thehousebreakingbible.com
thewalkingdeadgaming.co.uk
torrent-invites.com
tropicalflowersforums.com
tupacfanbase.com
ulfencing.net
va-outdoors.com
vapersforum.com
vigilantgaming.net
vill.ee
vrtalk.com
wildraiderz.com
xboxforum.com
xsyon.com
yojoe.com
zonehacks.com

How disturbing is this problem?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *