vBulletin

The company vBulletin Solutions, forum software maker, has forced the reset of over almost 480,000 passwords of its website subscriber’s accounts after discovering there had been a cyber intrusion on its systems. The breach occurred on Halloween, October 31, 2015. Immediately after the breach, the website was taken offline while vBulletin addressed the issue.

After going back online, the software maker posted a warning on its website to its users of the mandatory password reset, while informing them that the hackers may have been able to access customer information and encrypted passwords.

Just hours after learning of the breach, vBulletin posted another bulletin announcing the release of emergency security patches for its forum software users to download.

It was ultimately determined, after an investigation, that the hackers stole users’ dates of birth, email addresses, Instant Messenger IDs, IP addresses, passwords and security questions and answers in the breach.

The company seemingly made no efforts to contact its customers individually other than the posts made on their web site, leaving the customers who don’t happen to be on their site vulnerable to cyber thieves and further attacks if they aren’t aware of the necessity to download the security patches, to change passwords or to sign up for additional personal data protection software to protect the data that may have been stolen.

Below is the password reset post from the vBulletin website, published on November 2, 2015:

We take your security and privacy very seriously. Very recently, our security team discovered a sophisticated attack on our network. Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect your account. To regain access to your account:

Click forgot password link on login box

Open email, follow instructions to click on new password link

New temporary password will be emailed to you.

Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you chose a password that you are not using on any other sites.

 

Additional Resources About This Breach:

http://breachorclear.jesterscourt.cc/query-hit.php?string=johndoe

https://haveibeenpwned.com/PwnedWebsites#

http://www.theregister.co.uk/2015/11/03/vbulletin_forum_software_hacked_defaced/

http://krebsonsecurity.com/2013/11/vbulletin-breach-prompts-password-reset/

http://arstechnica.com/security/2015/11/vbulletin-password-hack-fuels-fears-of-serious-internet-wide-0-day-attacks/

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4332165-vbulletin-com-password-reset

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4332166-security-patch-release-for-vbulletin-5-connect-versions-5-1-4-through-5-1-9

Have You Been Hacked?

*Cyber breach data provided by Have I Been Pwned

Enter your email or username to see if your information was compromised.

Have You Been Hacked?