Almost 820,000 Accounts Leaked in vBulletin Hack

vBulletin was hacked between January and February 2017, leading to nearly 820,000 accounts being stolen.

Cybercrime remains on the rise, and people’s information is always at risk of being used maliciously.

According to PricewaterhouseCoopers, it ranked as the 2nd most reported economic crime in 2016, a year in which many companies were victims of hacking and had their information leaked to criminals for malicious use.

Some of these companies include Starbucks and Yahoo, amongst many others.

The internet forum software vBulletin is the latest victim of a hack that resulted in data being stolen.

It is not the first time it has been subject to a hack, following an incident in 2016.

This widely used software was recently hacked between January and February 2017.

819,977 accounts of registered users and forum administrators were stolen during the hack and later leaked to a discreetly operated hacking forum.

The hack happened due to a vulnerability that is present in older versions of vBulletin software.

Hacked-DB, a platform for breach notifications, scanned the stolen data and verified that the accounts were legitimate.

The vBulletin software version that was under attack is vBulletin 4.

The vulnerability in this version created room for other parties to use the Forum Runner add-on to perform SQL injection attacks.

Security patches were released for versions 4.2.2 and 4.2.3 of vBulletin.

Those who are using vBulletin versions older than 4.2.2 were urged to upgrade in order to protect themselves from the hack.

Forums that are still using older software versions are still vulnerable to SQL injection.

One of the reasons so many accounts were collected in the hack is that most users of vBulletin are not using the latest software version.

It is always advisable to update any software and applications you use to the latest version as this can protect you from some of the cybercrime activities taking place on the internet.

Some of the boards affected during the recent hack include politics, games, adult movies, and torrent sites among many others.

In 2016, the forums that were part of the hack included Brazzers, Clash of Kings, Supercell, Epic Games, Grand Theft Auto forum, PakWheels, and ClixSense amongst others.

Out of the nearly 820,000 accounts that were compromised in the hack, over 219,000 belong to Gmail users, 108,000 belong to Yahoo users, and 121,000 belong to Hotmail users.

In addition to the email addresses of registered users and administrators, 1,681 unique IP addresses and hashed passwords were also stolen.

Negligence played a predominant part in this instance; the breach could have been readily prevented.

All that third parties had to do to know which forums to hack was to use Google dorks, search queries that list websites using vBulletin along with the software version they run.

The hacker could have noticed this security flaw, as well as information about the vulnerability in the software, a while back.

It is believed that the hack was performed by a hacker known as “CrimeAgency” on Twitter.

He claimed to have stolen data from more than 100 forums using vBulletin.

Website owners who keep the software they use up to date will avoid a lot of problems that can cause them economic hardship, damage their reputation, and put users’ personal information at risk.

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.
