Cybercrime remains on the rise, and people’s information is always at risk of being used maliciously.
According to Price Waterhouse Coopers, it was ranked the 2nd most reported economic crime in 2016, and in 2016 alone many companies were victims of hacking, with their information leaked to criminals for malicious use.
Some of these companies include Starbucks and Yahoo, amongst many others.
The internet forum software vBulletin is the latest victim of a hack that resulted in data being stolen.
It is not the first time it has been subject to a hack, following an incident in 2016.
This widely used software was hacked between January and February 2017.
819,977 accounts of registered users and forum administrators were stolen during the hack and later leaked to a discreetly-operated hacking forum.
The hack happened due to a vulnerability that is present in older versions of vBulletin software.
Hacked-DB, a platform for breach notifications, scanned the stolen data and verified that the accounts were legitimate.
The vBulletin software version that was under attack is vBulletin 4.
The vulnerability in this version created room for other parties to use the Forum Runner add-on to perform SQL injection attacks.
Security patches were released for versions 4.2.2 and 4.2.3 of vBulletin.
Those using vBulletin versions older than 4.2.2 were urged to upgrade in order to protect themselves from the hack.
Forums that are still using older software versions remain vulnerable to SQL injection.
One of the reasons so many accounts were collected in the hack is that most users of vBulletin are not using the latest software version.
It is always advisable to update any software and applications you use to the latest version as this can protect you from some of the cybercrime activities taking place on the internet.
Some of the boards affected during the recent hack include politics, games, adult movies, and torrent sites among many others.
In 2016, the forums that were part of the hack included Brazzers, Clash of Kings, Supercell, Epic Games, Grand Theft Auto forum, PakWheels, and ClixSense amongst others.
Out of the nearly 820,000 accounts that were compromised in the hack, over 219,000 belong to Gmail users, 108,000 belong to Yahoo users, and 121,000 belong to Hotmail users.
1681 unique IP addresses, as well as hashed passwords, were also stolen in addition to the email addresses of registered users and administrators.
Negligence played a predominant part in this instance, given that the breach could have been readily prevented.
All that third parties had to do to know which forums to hack was to go to Google Dorks, where websites that use vBulletin are listed along with the software version that they use.
The hacker could have noticed this security flaw, as well as information about the vulnerability of the software, a while back.
It is believed that the hack was performed by a hacker known as “CrimeAgency” on Twitter.
He claimed to have stolen data from more than 100 forums using vBulletin.
When website owners keep up to date with the software they use, they avoid a lot of problems that can cause them economic hardship, damage their reputation, and put users’ personal information at risk.