
vBulletin password hack raises fears of web-wide zero day attacks


Robert Charlton

11:21 pm on Nov 4, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



vBulletin password hack fuels fears of serious Internet-wide 0-day attacks
Software maker issued security patch hours after reports surfaced it was breached.
by Dan Goodin - Nov 3, 2015

[arstechnica.com...]

...it's hard to escape the inference that the vBulletin software contained a zero-day vulnerability that allowed hackers in the wild to gain almost complete control over websites that used the forum app. If so, administrators for any site that uses vBulletin should drop whatever they're doing and immediately install Monday's patch....

Note there's also a WebmasterWorld Supporters discussion about the hack here...

VBulletin.com / VBulletin.org hacked
https://www.webmasterworld.com/wall/4775860.htm [webmasterworld.com]

aristotle

2:03 pm on Nov 5, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I read the article, but I'm not very knowledgeable in this area, and I don't understand why this would cause so much concern. This is because most forum sign-ups don't require you to give any important personal information. Usually all that's required for sign-up is an email address and a password.

So the only risk that I can see is that someone who got your sign-up information could log in and post false messages under your moniker, and this doesn't seem very worrisome to me.

So what am I missing that makes this such a major concern?

Pjman

2:26 pm on Nov 5, 2015 (gmt 0)

10+ Year Member Top Contributors Of The Month



Yeah, I'm not seeing it as such a big deal.

They are forcing password resets anyway. Your customer number is generated by them. So the only real risk is that they get a password and email and blast it all over the net to sign up. Don't use the same UN and password everywhere and you're good.

not2easy

2:41 pm on Nov 5, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



The Administrators' passwords were in there too; major alterations can be made to a site with those keys.

motorhaven

3:16 pm on Nov 5, 2015 (gmt 0)

10+ Year Member Top Contributors Of The Month



The same server housed client accounts, not only forum accounts. It is a big deal.

The same server housed forgotten password security questions, a big deal.

The same database contained forum client information which could be used for social engineering hacks: location and birthdays.

VBulletin failed to notify clients for 5 days. A big deal.

VBulletin was notified of the exploit by Check Point Software a month earlier, and failed to patch the product until after the exploit was used to compromise their own servers. Not taking reports of a serious exploit and addressing them immediately, a big deal.

And as of yesterday, continuing to use a 2-year-old version of JIRA with known exploits rather than upgrading. A big deal.

enotalone

6:32 pm on Nov 5, 2015 (gmt 0)

10+ Year Member



Vbulletin is as dead as it can be. After many years with them I recently started looking into an alternative and hopefully within a year will be switching.

motorhaven

7:08 pm on Nov 5, 2015 (gmt 0)

10+ Year Member Top Contributors Of The Month



Agree. I have several XF forums, and held on to 3 VB 4.x forums.... until now. This was the nail in the coffin, and the remaining forums are scheduled for XF migration.

shri

12:28 am on Nov 6, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"After many years with them I recently started looking into an alternative and hopefully within a year will be switching."

I was one of the first 10 customers to buy into vBulletin in the early days, moving from UBB (a Perl-based flat-file forum: no DB, statically generated HTML pages).

Given the lack of support for mobile (you're essentially hostage to Tapatalk or their own clients) and the lack of modernisation of the interfaces (programmatic / UI-UX), I've also started plotting my exit. This time around, we're building our own solution, which will be mobile first (an app with a desktop client), forcing us to think APIs, performance and reactivity.

Not sure if XF is the solution either - for me the closest were NodeBB and Flarum. But both of these are rather immature platforms which are ok as forums, but not there yet for communities (think classifieds, event calendars, groups, resource listings) AND lack comprehensive app support.

Bradley

6:43 am on Nov 6, 2015 (gmt 0)

10+ Year Member



For those evaluating forum software providers, I can also recommend UBBForum by SocialStrata. They also have a product called Hoop.la that incorporates forums, blogs, chats, surveys and more. Both Hoop.la and UBBForum products will be responsive with their new software update come Nov/Dec 2015.

I've been a user of their software and very much like their offering. One thing to note: their Customer Support is phenomenal. Their support forums are active and they respond to questions / comments / problems extremely fast.

I would seriously consider this company in your evaluation. Please note: I make this recommendation simply as a customer. I don't work for them or get paid for referrals in any way.

motorhaven

2:28 pm on Nov 6, 2015 (gmt 0)

10+ Year Member Top Contributors Of The Month



I'm moving everything I have left on other platforms to Xenforo because it's fully responsive, works great on mobile, extremely active add-on developer community, and in most cases not only can you import the data from other systems (which most BBs can do), but also do so without users having to reset passwords. As a coder myself, the active developer community was a huge plus.
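The "import without users having to reset passwords" point above works because the new platform keeps the old password hashes and verifies logins against the legacy algorithm, then re-hashes the password with a stronger scheme the moment a user logs in successfully. The following is an added illustration of that verify-then-upgrade pattern; it is not code from vBulletin, XenForo or any poster here. It assumes, as a constructed example, a legacy scheme of the double-MD5-with-salt form (md5(md5(password) + salt)) and upgrades matching records to PBKDF2-HMAC-SHA256 from the standard library. The `UserStore` class, its method names and the sample user are all hypothetical.

```python
import hashlib
import hmac
import os

# Constructed legacy scheme (assumed, not taken from any real product):
# digest = md5(md5(password) + salt), with a short random salt stored per user.
# Unsalted or weakly salted MD5 is exactly what makes a leaked password table
# dangerous, which is why the record is upgraded on first successful login.
def legacy_hash(password: str, salt: str) -> str:
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


# Modern scheme: PBKDF2-HMAC-SHA256 with a 16-byte random salt and a high
# iteration count, so a leaked table is far more expensive to crack offline.
def modern_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class UserStore:
    """Hypothetical in-memory user table holding mixed legacy/modern records."""

    def __init__(self) -> None:
        self.users: dict[str, dict] = {}

    def import_legacy(self, username: str, legacy_digest: str, legacy_salt: str) -> None:
        # Migration step: copy the old digest and salt verbatim, tagged by scheme.
        self.users[username] = {
            "scheme": "legacy-md5",
            "hash": legacy_digest,
            "salt": legacy_salt,
        }

    def verify_and_upgrade(self, username: str, password: str) -> bool:
        """Check a login attempt; on success, silently move legacy users to PBKDF2."""
        rec = self.users.get(username)
        if rec is None:
            # Burn comparable work for unknown users so response timing does not
            # reveal whether the account exists.
            modern_hash(password, b"\x00" * 16)
            return False

        if rec["scheme"] == "legacy-md5":
            ok = hmac.compare_digest(legacy_hash(password, rec["salt"]), rec["hash"])
            if ok:
                # The plaintext is available only at login time, so this is the
                # one moment the record can be re-hashed under the new scheme.
                salt = os.urandom(16)
                rec.update({
                    "scheme": "pbkdf2-sha256",
                    "hash": modern_hash(password, salt),
                    "salt": salt,
                })
            return ok

        if rec["scheme"] == "pbkdf2-sha256":
            return hmac.compare_digest(modern_hash(password, rec["salt"]), rec["hash"])

        # Unknown scheme: fail closed rather than guess.
        return False

    def pending_upgrades(self) -> int:
        """How many accounts still sit on the legacy hash (candidates for a forced reset)."""
        return sum(1 for rec in self.users.values() if rec["scheme"] == "legacy-md5")


if __name__ == "__main__":
    store = UserStore()
    # Constructed sample user; the salt and password are made up for the demo.
    store.import_legacy("alice", legacy_hash("correct horse", "Ab3"), "Ab3")
    print("legacy accounts before login:", store.pending_upgrades())
    print("login with right password:", store.verify_and_upgrade("alice", "correct horse"))
    print("scheme after login:", store.users["alice"]["scheme"])
    print("legacy accounts after login:", store.pending_upgrades())
```

The `pending_upgrades` count is the operational piece: accounts that never log in after the migration keep their weak legacy hash indefinitely, so a migration of this kind normally pairs with a deadline after which remaining legacy accounts get a forced reset rather than living on as the weakest records in the table.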