800K vBulletin accounts compromised with SQL injection attack

A hacker claims to have compromised a number of outdated vBulletin sites, collecting roughly 800k accounts by exploiting a SQL injection flaw in out-of-date vBulletin installs. While the data includes hashed rather than plaintext passwords, and most of these forums probably aren’t for super important stuff, the concern here is password reuse: the data can be used to get into other accounts belonging to the same people, or to socially engineer the folks on the list.
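The post does not say which query in vBulletin was vulnerable, so the following is an added illustration of the bug class rather than vBulletin's own (PHP) code: a forum user lookup written the way such flaws usually arise, beside its parameterized form, run against a constructed in-memory SQLite table. The table contents, the `lookup_vulnerable`/`lookup_hardened` names and the probe string are all assumptions made for this example.

```python
import sqlite3

# Constructed sample data (not from the breach): a tiny forum "user" table.
# The hash values are placeholders, not credentials from any real site.
SAMPLE_USERS = [
    (1, "alice", "placeholder-hash-1"),
    (2, "bob", "placeholder-hash-2"),
]


def make_db():
    """Build an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """The pattern behind classic SQL injection: untrusted input is pasted into the query text,
    so a quote character in the input changes the structure of the statement."""
    sql = "SELECT userid, username FROM user WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, username):
    """Parameterized query: the value travels separately from the SQL text and can only ever be
    compared as data, never interpreted as part of the statement."""
    sql = "SELECT userid, username FROM user WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a normal username and with a constructed probe that closes the
    string literal and appends an always-true condition; return the rows each one yields."""
    conn = make_db()
    probe = "x' OR '1'='1"
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_hardened": lookup_hardened(conn, "alice"),
        # The vulnerable form returns every user; the hardened form matches nothing.
        "probe_vulnerable": lookup_vulnerable(conn, probe),
        "probe_hardened": lookup_hardened(conn, probe),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The takeaway for anyone running forum software is that the fix is structural, not a matter of filtering quote characters: every query that carries user input should be parameterized, and a site that cannot audit its own code for this is exactly the kind of site that needs to stay current on vendor patches.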

Imagine getting a phishing email that appears to come from one of the affected domains, referencing the breach and asking you to reset your password, but sending you to a credential phishing site instead. This is one scenario where the leaked information could be used to harvest reused passwords.

I strongly recommend using a password vault, like LastPass or something similar, to generate and store a random password for each website. Protect the vault with a strong passphrase and 2-factor authentication, and you will go a long way toward securing your online accounts.

FWIW, the domains that are claimed to be hacked are:

2ndfloor.org
aippm.com
aosts.net
atheistfoundation.org.au
aussievapers.com
backcountrytalk.earnyourturns.com
barcaforum.com
bdsmfap.com
birdphotographers.net
blacklistedsociety.com
blaze-gaming.net
bleachmyasylum.com
bluepark.co.uk
bluepearl-skins.com
board.uscho.com
breezesysforum.co.uk
callofduty-community.com
calltermination.com
campgroundmaster.com
canwatchco.ca
clan-gameover.com
clubdbsa.org
community.freebord.com
community.playkot.com
darkmills.cc
darkstar-gaming.com
devil-group.com
divxup.com
doublefinish.com
downloadpolitics.com
edmlife.com
eirtakon.com
elluel.net
ewebdiscussion.com
filmleaf.net
fishingboard.net
foilforum.com
forum.atlasti.com
forum.diversitynursing.com
forum.epygi.com
forum.jdmstyletuning.com
forum.pitofwar.com
forum.rompvp.com
forum.zenstudios.com
forums.augi.com
forums.bandainamcogames.com
forums.cashisonline.com
forums.kingsoftherealm.com
forums.mra-racing.org
forums.prowrestling.com
forums.superbetter.com
forums.supertrapp.com
forums.zarafa.com
fpvlab.com
free-dc.org
ftxgames.com
gaijingamers.com
gonegambling.com
gossamerblue.com
greenstandardsltd.com
gtsportstalk.com
hawkeshealth.net
hindudharmaforums.com
italianhax.com
joyheat.com
kirupa.com
koboxingforum.com
leakninja.com
ludoria.net
maiestas.org
marijuanagrowing.com
mernetwork.com
mixbizz.com
mtsboard.com
narc.net
new-smoke.com
nflfans.com
nifgaming.eu
nsxprime.com
ozzmodz.com
pascalgamedevelopment.com
pashnit.com
pathfinder-airsoft.com
pixelentity.com
pixelgoose.com
progressiveears.org
psychonaut.com
rangevideo.com
reasonforums.com
ridetherock.com
righttorebel.net
riseofchampions.com
roaddevils.com
safeskyhacks.com
scenesat.com
sectionseven.net
sedona.com
sledderforums.com
smallblockposse.com
smallworlds.com
spurstalk.com
supermensa.org
swgreckoning.com
systemtools.com
techimo.com
tequila.net
tetongravity.com
texasguntalk.com
the420room.com
thefobl.com
thehousebreakingbible.com
thewalkingdeadgaming.co.uk
torrent-invites.com
tropicalflowersforums.com
tupacfanbase.com
ulfencing.net
va-outdoors.com
vapersforum.com
vigilantgaming.net
vill.ee
vrtalk.com
wildraiderz.com
xboxforum.com
xsyon.com
yojoe.com
zonehacks.com

Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

One thought on “800K vBulletin accounts compromised with SQL injection attack”

  1. A good application delivery controller with a good Web Application Firewall would very likely have blocked this type of attack. Keeping code, middleware, operating systems, and databases patched is really challenging. Our low cost enterprise class ADCs could have prevented this. Always think defense in depth. Application security is one of the layers needed. KEMP can help…
