• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News
Leaks

126 vBulletin forums hacked; 819,977 accounts leaked on hacking forums

February 27th, 2017 Waqas Hacking News, Leaks, Security 0 comments
126 vBulletin forums hacked; 819,977 accounts leaked on hacking forums
Share on FacebookShare on Twitter

vBulletin (vB) is an internet forum software widely used by website owners. Lately, there has been a critical vulnerability in the software’s old versions allowing hackers to breach any forum who hasn’t been updated to the latest version.

Recently, a hacker going by the online handle of “CrimeAgency” on Twitter is claiming to have hacked 126 vBulletin (vB) based web forum stealing personal data of forum’s administrators and registered users ending up leaking it on an underground hacking forum. The data was scanned by online data mining and breach notification platform Hacked-DB.

The data has been uploaded on hacking forms in .txt files.

The hack was conducted between January and Febuarary 2017 in which 819,977 user accounts were stolen from the vulnerable forums. The stolen data includes email addresses, hashed passwords, and 1681 unique IP addresses while the email count based on domains is Gmail: 219,324 accounts, Outlook: 11,070 accounts, Yahoo: 108,777 accounts and Hotmail: 121,507 accounts.

[fullsquaread][/fullsquaread]


Screenshot shows emails and hashed passwords of users

An overall majority of the hacked forums are based on vBulletin 4.x which can be exploited by multiple security vulnerabilities including SQL injection attacks. According to vBulletin support forums, the issue was reported in June 2016.

“A security issue was reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you’re using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible.”

The websites using vBulletin can be easily identified using Google Dorks. However, it looks like users are still using the outdated versions of vBulletin, resulting in a large-scale data breach. Last year, several high-profile forums suffered massive data breaches due to the very same security flaw and the fact that all of them were using the outdated version of vBulletin software.

The list of hacked forum is available on Pastebin. Remember, some of the forums mentioned in the list are NSFW.

[fullsquaread][/fullsquaread]

The forums targeted last year include Clash of Clans’ Developer “Supercell,” Clash of Kings, Pakistan automotive giant PakWheels, Adult website Brazzers, Epic Games, ClixSense, hacking, trading forum w0rm.ws, Exile Mod games, LifeBoat, and Grand Theft Auto (GTA) Fan forum.

If you are using an outdated version of vBulletin it is highly recommended to update your forum to the latest version.


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • hacking
  • internet
  • LEAKS
  • Privacy
  • security
  • vBulletin
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article New Phishing Scam Targets Digital Payment and Online Banking Users
Next article Our TV Viewing Habits Can Be Monitored for the Benefit of Marketers
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
TikTok vulnerability allowed hackers to access users' phone numbers

TikTok vulnerability allowed hackers to access users' phone numbers

Watch out as new Android malware spreads through WhatsApp

Watch out as new Android malware spreads through WhatsApp

SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
TikTok vulnerability allowed hackers to access users' phone numbers
Security

TikTok vulnerability allowed hackers to access users' phone numbers

37
Why you should never use free a VPN
Drones

Why you should never use free a VPN

26
Watch out as new Android malware spreads through WhatsApp
Security

Watch out as new Android malware spreads through WhatsApp

209

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us