engine - 2:57 pm on Nov 18, 2013 (gmt 0)
In a statement published on their forums a couple of days ago, vBulletin’s Wayne Luke revealed that their security team discovered a sophisticated cyberattack on their systems.
“Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems,” Luke noted.
User passwords have been reset. Zero Day Exploit Hits vBulletin Versions 4.x.x and 5.x.x [news.softpedia.com]
The hackers claim to have leveraged a “critical vulnerability” in vBulletin versions 4.x.x and 5.x.x. They say they’ve exploited the same zero-day vulnerability to breach MacRumors.com.
“We've got upload shell in vBulletin server, download database and got root,” the hackers said via email. “Macrumors.com was based on vBulletin CMS. We use 0day exploit on vBulletin, got password moderator. 860000 hacked too. The network security is a myth.”
Hackers May Have Stolen 800,000 User Details From Mac Forum [webmasterworld.com]
Report: 35,000 vBulletin Sites Easily Hacked Through Failure To Follow Security Advice [webmasterworld.com]