On Sunday, the vBulletin official website has been hacked by an attacker using the moniker “Coldzer0.” The website has been defaced and the vBulletin forum was displaying the message “Hacked by Coldzer0.”
At the time I was writing the website is down for maintenance and there are no details on the attack, according to DataBreaches.net, vBulletin, Foxit Software forums have been hacked by Coldzer0 that has stolen hundreds of thousands of users’ records.
The hacker published screenshots that show he managed to upload a shell to the vBulletin forum website and accessed user personal information, including user IDs, names, email addresses, security questions and answers, and password salts).
I suggest users to change their passwords as soon as possible, especially if they share the same credentials across other websites.
DataBreaches.net has linked the online moniker “Coldzer0” to the malware analyst and security researcher Mohamed Osama. The Egyptian expert Osama has promptly removed all references to the vBulletin attack from his social media accounts. Osama has also deleted his personal website, coldroot.com, after his name was in the headlines due to the attack to vBulletin.
The hacker claims to have exploited a zero-day vulnerability affecting the vBulletin forum to hack the popular application.
It is not the first time that hackers target vBulletin, in 2013 experts at Security firm Imperva discovered that more than 35000 websites based on vBulletin CMS were hacked exploiting a known vulnerability.
(Security Affairs – vBulletin forum, hacking)