Joe
03-11-2015, 22:11
Link shamelessly lifted from A N Other forum:
http://www.theregister.co.uk/2015/11/03/vbulletin_forum_software_hacked_defaced/
The official website of vBulletin.com forum software has hit the big red password reset following a breach by hackers that exposed the IDs of hundreds of thousands of users.
A hacker claimed the had made off with a combined 480,000 records after an attack that led to the defacement of the vBulletin.com and a reported hack against Foxit Software’s forum, both supposedly pulled off using the same zero-day vulnerability.
vBulletin.com was taken down for maintenance of the immediate aftermath of the attack, which took place on Saturday, 31 October (Halloween, ooooh).
vBulletin.com has since returned online, seemingly not much the worse for wear, to claim the attack, though “sophisticated”, had been limited to the potential exposure of “customer IDs and encrypted passwords”.
Even though this might be enough in itself to actually hack into accounts vBulletin.com has applied a precautionary reset, as a statement (extract below) by a vBulletin support manager explains.
We take your security and privacy very seriously. Very recently, our security team discovered a sophisticated attack on our network.
Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems.
We have taken the precaution of resetting your account password.'
[followed by lots of stuff I don't understand]
http://www.theregister.co.uk/2015/11/03/vbulletin_forum_software_hacked_defaced/
The official website of vBulletin.com forum software has hit the big red password reset following a breach by hackers that exposed the IDs of hundreds of thousands of users.
A hacker claimed the had made off with a combined 480,000 records after an attack that led to the defacement of the vBulletin.com and a reported hack against Foxit Software’s forum, both supposedly pulled off using the same zero-day vulnerability.
vBulletin.com was taken down for maintenance of the immediate aftermath of the attack, which took place on Saturday, 31 October (Halloween, ooooh).
vBulletin.com has since returned online, seemingly not much the worse for wear, to claim the attack, though “sophisticated”, had been limited to the potential exposure of “customer IDs and encrypted passwords”.
Even though this might be enough in itself to actually hack into accounts vBulletin.com has applied a precautionary reset, as a statement (extract below) by a vBulletin support manager explains.
We take your security and privacy very seriously. Very recently, our security team discovered a sophisticated attack on our network.
Our investigation indicates that the attacker may have accessed customer IDs and encrypted passwords on our systems.
We have taken the precaution of resetting your account password.'
[followed by lots of stuff I don't understand]