Zero-Day Attack Compromises a Half-Million Web Forum Accounts
November 4, 2015 – 4:14 PM
Forum software-makers vBulletin and Foxit Software may have been breached by a hacker claiming to have made off with personal data belonging to some 479,895 users between the two.
“Coldzer0” said in a post co-authored with @Cyber_War_News that he exploited the same zero-day vulnerability for both domains, and was able to access user IDs, full names, email addresses, security questions and corresponding answers (both in plain text) and salted passwords for hundreds of thousands of users.
For its part, vBulletin has confirmed that an attack happened: “Very recently, our security team discovered a sophisticated attack on our network,” the company said in a post. “Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems.”
The company said the issue affects vBulletin versions 5.1.4 to 5.1.9. It has issued a patch, presumably for the zero-day, and has also forced a password reset for all of its users.
Tod Beardsley, principal security research manager at Rapid7, said in an email that it looks like the vBulletin attack was due to an SQL injection bug in vBulletin’s forum software.