vBulletin suffered a severe attack last week; in response, it informed users that all passwords had been reset. According to vBulletin developer Paul Marsden, one of the Germany servers was breached by an unauthorized party.
“Due to the discovery yesterday of unauthorized access to one of the VBG servers it is possible the hacker may have gained access to other vb systems as well. Therefore we have again taken the precaution of resetting all user password hashes. To be able to login to the site you will need to use the lost password functionality.
We apologise for any inconvenience this may cause,” said Marsden.
The attackers breached the Germany (VBG – “vbulletin-germany.com”) server, a circumstance that could have allowed them to access other systems of the organization, including “vBulletin.com” and “vBulletin.org.”
At the time of writing, there are no other details on the data breach. Marsden highlighted that the hackers haven’t used any exploits, a claim supported by the fact that the hacked server doesn’t run any instance of the popular CMS.
Marsden believes the attackers carefully planned the attack:
“I can tell you it wasn’t via any vB exploit – in fact, the VBG site doesn’t run vbulletin. Someone clearly targeted the site, it was obvious they had planned this quite carefully,” said Marsden.
This isn’t the first time the platform has been targeted by hackers. In November 2015, the official forum was shut down after a hacker using the online moniker “Coldzer0” defaced it.
The website was defaced, and the forum displayed the message “Hacked by Coldzer0.”
According to DataBreaches.net, the vBulletin and Foxit Software forums were hacked by Coldzer0, who stole hundreds of thousands of users’ records.
The hacker published screenshots showing that he managed to upload a shell to the forum website and access users’ personal information, including user IDs, names, email addresses, security questions and answers, and password salts.
As usual, I strongly suggest that users change their passwords on any other website where they used the same login credentials.
(Security Affairs – data breach, hacking)