Announcement

Collapse
No announcement yet.

819,977 accounts leaked on hacking forums (TI is on the list)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 819,977 accounts leaked on hacking forums (TI is on the list)

    Source: https://www.hackread.com/vbulletin-f...d-data-leaked/

    And look who is on the pastebin list that is linked to in the article.... yes, *cough* TI wth!!!

    26 vBulletin forums hacked; 819,977 accounts leaked on hacking forums

    by Waqas February 27, 2017, 8:53 pm Email @hackread

    vBulletin (vB) is an internet forum software widely used by website owners. Lately, there has been a critical vulnerability in the software’s old versions allowing hackers to breach any forum who hasn’t been updated to the latest version.

    Recently, a hacker going by the online handle of “CrimeAgency” on Twitter is claiming to have hacked 126 vBulletin (vB) based web forum stealing personal data of forum’s administrators and registered users ending up leaking it on an underground hacking forum. The data was scanned by online data mining and breach notification platform Hacked-DB.
    The data has been uploaded on hacking forms in .txt files.

    The hack was conducted between January and Febuarary 2017 in which 819,977 user accounts were stolen from the vulnerable forums. The stolen data includes email addresses, hashed passwords, and 1681 unique IP addresses while the email count based on domains is Gmail: 219,324 accounts, Outlook: 11,070 accounts, Yahoo: 108,777 accounts and Hotmail: 121,507 accounts.

    Screenshot shows emails and hashed passwords of users

    An overall majority of the hacked forums are based on vBulletin 4.x which can be exploited by multiple security vulnerabilities including SQL injection attacks. According to vBulletin support forums, the issue was reported in June 2016.

    “A security issue was reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you’re using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible.”

    The websites using vBulletin can be easily identified using Google Dorks. However, it looks like users are still using the outdated versions of vBulletin, resulting in a large-scale data breach. Last year, several high-profile forums suffered massive data breaches due to the very same security flaw and the fact that all of them were using the outdated version of vBulletin software.

    The list of hacked forum is available on Pastebin. Remember, some of the forums mentioned in the list are NSFW.

    The forums targeted last year include Clash of Clans’ Developer “Supercell,” Clash of Kings, Pakistan automotive giant PakWheels, Adult website Brazzers, Epic Games, ClixSense, hacking, trading forum w0rm.ws, Exile Mod games, LifeBoat, and Grand Theft Auto (GTA) Fan forum.

    If you are using an outdated version of vBulletin it is highly recommended to update your forum to the latest version.

  • #2
    Interesting. Trying to find proof, but can't seem to validate any data that this article claims.
    [MENTION=1]Dave[/MENTION] [MENTION=171424]Shadowbuild[/MENTION] - This might interest you guys.
    "Our virtues and our failings are inseparable, like force and matter. When they separate, man is no more." - Nikola Tesla

    Comment


    • #3
      Yeah, as soon as I put my teeth back in my mouth, I changed my email and password. However, that isn't good enough as this site is (apparently) open, maybe a site wide alert will be needed and the much needed updates applied.

      Comment


      • #4
        Thanks for posting this. Password & email changed.

        Comment


        • #5
          Well isn't that just great.

          Comment


          • #6
            need to pay attention here ...

            Comment


            • #7
              I read the article but what's the point of changing our passwords if they haven't updated the vBulletin to fix this?

              Comment


              • #8
                Good question,

                I reset my pw frequently in the hope that whoever hacked into this site is not going to revisit the scene of the crime to get a pw data/hash update ;)

                I would never trust any site to not get hacked, so every pw I have is unique to confine any hacker to the hacked site, now, with a new pw each day or whatever, the hacker is even more limited and easier fruit will exist, damage limitation until someone official manages the break-in.

                Speaking of which, it's a little worrying that there has not been an official response on this.
                Last edited by GameOn; March 3, 2017, 09:01 AM.

                Comment


                • #9
                  7 days later and nothing... has site maintenance stalled or is everyone of auth playing hidy boo on this? Perhaps we should link to this thread from the "Can we count to 25 before an admin realises" thread, i mean, come on people, where are you!?!?

                  Comment


                  • #10
                    So did I miss a post here or is this still open?

                    Interestingly, around the time of this breech I got slammed by two sites for participating on here, despite careful obfuscation. Coincidence?

                    Comment


                    • #11
                      Originally posted by MBR View Post
                      Interestingly, around the time of this breech I got slammed by two sites for participating on here, despite careful obfuscation. Coincidence?
                      Did you use the same email address to sign up to the two sites and to TI?

                      Comment


                      • #12
                        Any proof about that's true?

                        Comment


                        • #13
                          Originally posted by vector View Post
                          Did you use the same email address to sign up to the two sites and to TI?
                          I did not.. and that's what's got me scratching my head. Different emails, different usernames. The only thing in common would have been IP address. Of course the sites in question were not forthcoming with their information or how they attained it when the curtly kicked my ass to the curb. Bums.

                          Comment


                          • #14
                            To address any concerns about this, I have completely disabled access to forumrunner on T-I. With nothing to exploit, we are all safe from this. @Daveis the only one that can update the vBulletin version that includes patches. However, for now, we are all safe from this exploit.
                            JOIN US ON IRC FOR CHATTING, FUN, GAMES & PRIZES!

                            How To Connect To IRC

                            IRC Word Game
                            IRC Word Game Prizes


                            Comment


                            • #15
                              Originally posted by Poopderp View Post
                              To address any concerns about this, I have completely disabled access to forumrunner on T-I. With nothing to exploit, we are all safe from this. @Daveis the only one that can update the vBulletin version that includes patches. However, for now, we are all safe from this exploit.
                              Thanks for this!

                              Comment

                              Working...
                              X