Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Millions of accounts from 25 vBulletin forums for sale on dark web


Millions of accounts from 25 vBulletin forums for sale on dark web

The dark web has been flooded with millions of accounts from recently compromised vBulletin forums. A hacker using the name Cfnt claimed to have hacked 25 web forums, which were running on outdated versions of the vBulletin software.

Among the compromised forums are subagames.com, rappers.in, forums.spybot.info, cashcrate.com, codingforums.com, dcemu.co.uk, asia-team.net, dbforums.com and forums.3dtotal.com.

Around 38 million accounts from the 25 hacked forums are now up for sale in a popular dark web marketplace. The hacked forums were all running on vBulletin 4.x, which is vulnerable to SQL injection. The security issue with this version was reported in June 2016, according to vBulletin support forums.

A warning to those using older vBulletin versions last year reads: A security issue was reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you are using a version of vBulletin four older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible.

Lists of accounts from each of the forums are being sold for around $150.

It is highly recommended that users with accounts on such vBulletin forums change their passwords now.


Comments
Sorry but there are no comments to display