A couple of weeks ago we reported that a hacker had compromised hundreds of vBulletin-based web forums and leaked their data on an underground hacking forum. Now another hacker going by the handle “Cfnt” has compromised 25 web forums that were running an outdated version of the vBulletin forum software. Their data is now being sold on a popular Dark Web marketplace.

The hacked forums run vBulletin 4.x, which is affected by multiple security vulnerabilities, including SQL injection. According to the vBulletin support forums, the issue was reported in June 2016.

“A security issue was reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you’re using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible.”


Websites running vBulletin can be easily identified using Google dorks. However, it looks like sites are still running outdated versions of vBulletin, resulting in a large-scale data breach. Last year, several high-profile forums suffered massive data breaches due to the very same security flaw and the fact that all of them were running an outdated version of the vBulletin software.

Hacked forums:

The compromised forums belong to different categories including gaming, fitness, technology, utilities, animation, entertainment, social life, network security and others. The compromised forums are listed below.

Subagames.com, jefit.com, giaiphapexcel.com, mangafox.me, rappers.in, forums.spybot.info, cashcrate.com, codingforums.com, dcemu.co.uk, asia-team.net, forum.gsmhosting.com, gsmforum.ru, dbforums.com, forums.3dtotal.com, aarinfantasy.com, digital-kaos.co.uk, forum.phun.org, forum.p30world.com, symbianize.com, gpsunderground.com, overclockzone.com, forums.socialpointgames.com, psu.com, mrexcel.com, and forum.daemon-tools.cc.

Suba Games

Suba Games is a gaming platform whose forum was hacked in November 2016. As a result, decrypted accounts of 6,702,695 registered users and 3,607,390 encrypted accounts were stolen. In total, 10,310,085 accounts are being sold for USD 400.56 (BTC 0.3570). The data includes usernames, passwords, user IDs, security questions, IP addresses and dates of birth.

Jefit

Jefit is a workout and fitness tracking software whose vBulletin-based forum was compromised in January 2017. As a result, the accounts of 4,614,067 users were stolen and are now being sold on the Dark Web for USD 500.56 (BTC 0.4431). The data contains user IDs, usernames, emails, hashed passwords and IP addresses.

GiaiphapExcel

GiaiphapExcel is a Vietnamese Internet utility platform which was hacked in March 2017, when 980,615 user accounts were stolen. The data contains user IDs, usernames, emails, hashed passwords, dates of birth and IP addresses and is available for sale for 200.56 (BTC 0.1792).

Manga Fox

Manga Fox is a website and forum devoted to Japanese comics, known as manga. It is in the news because hackers stole 1,349,167 user accounts from its web forum in February 2017, and these are now being sold for USD 100.56 (BTC 0.0897). The data includes forum IDs, usernames, emails, hashed passwords and IP addresses.

Rappers

As its name suggests, Rappers is a music-related website based in Germany. Since the site’s forum was running the outdated vBulletin software, it was compromised back in August 2016, allowing hackers to steal 615,579 user accounts. The data includes forum IDs, usernames, emails and encrypted passwords, while the price set for this listing is USD 100.56 (BTC 0.0901).

Safer Networking’s Spybot

Spybot.info is a web forum owned by Safer Networking, known for developing the anti-malware software Spybot. However, when it comes to its own security, Safer Networking’s web forum was running the outdated version of the vBulletin software. As a result, the forum was compromised in February 2017, and the accounts of 117,404 users were stolen. The data contains forum IDs, usernames, emails, hashed passwords and IP addresses, while the price set for this listing is USD 100.56 (BTC 0.0896).

Cash Crate

Cash Crate is an online survey and offer-completion website. Its forum was also running the outdated version of the vBulletin software and was compromised in June 2016. As a result, the accounts of 6,895,604 users were stolen. These accounts are now being sold on the Dark Web for USD 500.52 (BTC 0.4784) and include names, emails, phone numbers, amounts earned through surveys, cities, zip codes, countries and PMs. There are 2,235,088 plain text passwords and 4,660,517 MD5 hashes.

Coding Forum

As its name indicates, the forum is all about coding, programming, software, graphics and web development. This forum was breached in February 2017, and 426,698 user accounts were stolen. The data contains forum IDs, usernames, emails, hashed passwords and IP addresses, while the price set for this listing is USD 200.53 (BTC 0.1905).

DCEmu UK

DCEmu is a UK-based gaming and networking forum still running the old version of the vBulletin software. The forum was compromised in February 2017, with 481,689 user accounts stolen. The stolen data includes forum IDs, usernames, emails, hashed passwords and IP addresses, while the price set for this listing is USD 100.52 (BTC 0.0962).

Asia-Team

Asia-Team is a Spanish-language forum featuring downloads of Japanese TV dramas and movies. It suffered a data breach in February 2017 in which 223,275 user accounts were stolen, including data such as forum IDs, usernames, emails, hashed passwords and IP addresses. The price set for this listing is USD 100.51 (BTC 0.0976).

GSM Hosting

GSM Hosting is a smartphone-related web forum with over 8 million posts. However, when it comes to security, it is still running an outdated version of the vBulletin software, which let attackers breach the forum and steal user data. In this case, the forum was breached in August 2016, when 2,611,291 user accounts were stolen. The data is now being sold for USD 500.50 (BTC 0.4965) and includes forum IDs, usernames, emails, hashed passwords and IP addresses.

Gsm Forum Russia

Gsmforum.ru is a Russian-language technology forum compromised by hackers in July 2016. Its data is now being sold on the dark web marketplace for USD 300.50 (BTC 0.3003). The data includes forum IDs, usernames, emails, hashed passwords and IP addresses of registered users.

dB Forums

dB Forums is an English-language web forum dedicated to everything on databases, design, developers and administrators. The forum also works as a gateway between developers and those with questions about databases. This time, however, it is in the news for all the wrong reasons: its administrators were running an outdated version of the vBulletin software and suffered a breach in July 2016. The hackers are selling 363,336 accounts of registered users for USD 100.50 (BTC 0.0998). The data includes forum IDs, usernames, emails, hashed passwords and IP addresses.

3D Total forum

3D Total is a popular 3D resource website that also has a quite active web forum. The forum was breached in June 2016, allowing hackers to steal its database containing 126,705 accounts. The database contains forum IDs, usernames, emails, hashed passwords and IP addresses of registered users and is available for sale for USD 100.50 (BTC 0.1000).

Aarin Fantasy Gaming

Aarin Fantasy is a gaming forum that was hacked in February 2017. The forum’s admin has acknowledged the breach. However, it’s too late since the data is already being sold on the Internet. Upon scanning the listing, it can be seen that the vendor is selling 448,690 and 128,955 accounts which were stolen from the Joomla database. The price for this listing is USD 100.50 (BTC 0.1000), while the data contains forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses.

Digital Kaos

Digital Kaos is a UK-based web forum aimed at cable TV, satellite TV, games console and PC enthusiasts. Like the others, Digital Kaos was targeted in July 2016 through the security flaw in the old vBulletin forum software. As a result, hackers stole its database containing 449,928 accounts, which are now being sold for USD 200.50 (BTC 0.1980). The data includes forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses.

Phun Forum

Phun is a so-called celebrity entertainment blog which is famous for sharing illegal content, including private photos of Hollywood celebrities without their permission. Its forum suffered a security breach in July 2016 in which a database containing 612,392 user accounts was stolen, including IDs, usernames, emails, hashed passwords, dates of birth and IP addresses. The database is now being sold for USD 200.50 (BTC 0.1982).

P30world forum

P30world is one of the most visited technology-related websites in Iran. Its Persian-language forum suffered a massive data breach in August 2016, in which a database of 1,277,244 accounts was stolen, containing forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses. Currently, these accounts are being sold for USD 200.47 (BTC 0.2116).

Symbianize forum

Symbianize is a Philippine-language technology forum providing news, updates and information on apps, gaming, VPNs, and smartphones. The forum suffered a data breach in August 2016, in which 1,293,266 user accounts were stolen; they are now being sold for USD 200.47 (BTC 0.2117). The data contains forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses.

GPS Underground forum

As its name suggests, the forum provides news and updates related to GPS products and technology. The forum was hacked once before, in May 2010, when hackers destroyed its database, forcing users to register again. What they are not familiar with, however, is that the forum was hacked again in July 2016, when hackers stole 668,421 user accounts including forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses. The data is now being sold on the dark web for USD 100.47 (BTC 0.1059).

Overclock Zone forum

Overclock is one of the largest hardware and technology-related websites in Thailand, with a massive social media following. That’s the reason hackers couldn’t keep their eyes away from its forum and ended up hacking 530,952 user accounts in October 2016. The data contains forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses, which are now being sold on the dark web for USD 200.47 (BTC 0.2120).

Social Point forum

Social Point is a firm specializing in mobile, action, social and strategy gaming, with mega-hits like Dragon City, Monster Legends, the new World Chef and Dragon Land, and an active fan base of more than 50 million players. But when it comes to securing its forum, it has utterly failed: hackers breached the forum in October 2016 and stole a database containing 1,820,257 user accounts. The stolen data includes forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses, which are now being sold on the dark web for USD 200.47 (BTC 0.2121).

PlayStation Universe (PSU) forum

PSU is famous for its PlayStation-related news, reviews, previews, features and guides. Its forum will now also be famous for being hacked, since its administrators were running the outdated, and therefore vulnerable, version of the vBulletin software. In September 2016, the PSU forum was breached, allowing hackers to steal the database containing 226,601 user accounts including forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses. The data is now being sold on the dark web for 100.47 (BTC 0.1063).

Mr. Excel forum

Mr. Excel is a world-renowned platform providing Excel tips and solutions since 1998. Mr. Excel joined the party when its forum was hacked in August 2016 and hackers stole a database containing 379,690 accounts. The data included forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses, which are now being sold for USD 100.47 (BTC 0.1070).

Daemon Tools forum

Daemon Tools is a software community which also provides news and updates on tech and gaming. Its forum suffered a data breach in which 427,151 user accounts were stolen, including forum IDs, usernames, emails, hashed passwords, dates of birth and IP addresses. Although the data was stolen in December 2016, it is being sold now, for USD 100.47 (BTC 0.1066).

In total, the vendor is selling over 38 million accounts (38,464,046). If you have an account on any of the forums mentioned above, we advise you to change its password. Also, change your password on other websites in case you are using the same password.


Editor’s note:

At HackRead we are strictly against selling user accounts over the Internet – We as a publication or individuals have no connection with dark web vendors, and no account was ever accessed during the scanning process we performed.



Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cybersecurity and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.