Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

News by Jeremy Seth Davis

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing the personal information of 27 million accounts, according to the breached data monitoring service LeakedSource.

Most of the accounts accessed were associated with gaming websites of the Russian Internet company and e-mail platform mail.ru. The breached websites used outdated versions of the vBulletin software that contained SQL injection flaws in the Forum Runner add-on.

LeakedSource told PCWorld that four or five attackers exploited a SQL injection vulnerability in vBulletin's forum software. “Unfortunately we can confirm the existence of a 0day Vbulletin exploit. Expect lots of data to be added to LeakedSource,” the monitoring service tweeted last month.

The breached user information included usernames, email addresses, phone numbers, IP addresses, and birthdays. Several other domains were also breached, including expertlaw.com, ageofconan.com, anarchy-online.com, freeadvice.com, gamesforum.com, longestjourney.com, ppcgeeks.com, and thesecretworld.com.
