Software vBulletin.com hacked

[Second Summer]

Hacker Coldroot claims responsibility for the attack

It appears that a zero-day vulnerability in the vBulletin forum package allowed an Egyptian hacker to breach the official vBulletin website and the forums of Foxit Software, which was using vBulletin for its forum section.

The hacker is Mohamed Osama who, as soon as he pulled off the attack, started bragging to @Cyber_War_News on Twitter.

More: http://news.softpedia.com/news/vbul...letin-website-and-foxit-software-495620.shtml (2. November, 2015)

vBulletin is the most common commercial forum software on the Internet, though its market share has been plummeting in recent years. It's used by big sites like mothering.com, MoneySavingExpert, DigitalSpy, TheStudentRoom, and of particular interest to members here: VB.

If a hacker can break into vBulletin.com itself, then one must assume all sites running vBulletin software are at risk. If you have an account at any of these sites and it's using your favourite password, then it might not be such a good password any more.

 

[Blobbenstein]

I think someone hacked my VB account the other year...you could enter endless password attempts...it limits it to eg 5 now....that is such a silly security flaw though; unlimited password attempts...prob even a 7yo computer kid could hack that.

But as I said VB fixed that.

 

[Amy SF]

Even though I don't actually visit VB anymore, I just went over there and changed my password as a precaution.

 

[beancounter]

yea, I haven't thought of, or visited VB in ages.

 

[Moll Flanders]

Even though I don't actually visit VB anymore, I just went over there and changed my password as a precaution.

I was going to do the same but can someone tell me do I need to do that if I don't log in there any more?

 

[Second Summer]

The only real problem for normal users is if you're using a password that you also use elsewhere, like ebay or paypal or amazon where a hacker could get access to your money or other valuables.

A hacker will normally not care about normal users' accounts on forums.

 

[Blobbenstein]

I think I should be ok with that anyway, as I use unique passwords for anything important....I think..

 

[PTree15]

Hmmm, I think I have a couple of forums where it might be a good idea to change the password. Thanks for the heads-up.

 

[Jeremy]

This thread kind of reminded me... Someone changed my avatar on VB ages ago clearly as an attempt to insult me... Not sure if someone internally at VB doesn't like me or if my account was compromised lol