Software Maker Forum vBulletin has been compromised, vBulletin is a proprietary internet forum software package that runs the forums for popular websites such as Macrumors and Ubuntu, announced in a blog post on Friday that its security team discovered sophisticated attacks on its network involving illegal access to forum user information.
The acknowledgement last week one of the popular Mac news website Macrumours admitted that a security breach had led to the exposure of hashed passwords for over 860,000 users.
At that time, Macrumors editorial director Arnold Kim wrote in a short advisory that the attack resembled the attack on Ubuntu user forums in July.
The hacker team Inj3ct0r published a Facebook post claiming that they were responsible for the attacks on both vBulletin and Macrumours.
The Inj3ct0r Team members said they breached the vBulletin website by exploiting a previously undocumented vulnerability in the vBulletin software. They then used this privileged access to obtain login credentials for the Macrumors moderator account. After logging in to the account, they stole the password hashes for 860,106 Macrumors accounts.
"Inj3ct0r Team hacked vBulletin.com and Macrumors.com. Inj3ct0r Team hacked the big CMS vendor vBulletin.com. We got shell, database and root server," the post read.
"We wanted to prove that nothing in this world is not safe. We found a critical vulnerability in vBulletin all versions 4.x.x and 5.Ñ….x. We've got upload shell in vBulletin server, download database and got root."
The vBulletin is advising users to urgently change their passwords on any other website where they might be using the same login credentials.
Because of vBulletin world biggest hacking conference DEF CON forum is also going down, vBulletin needs to act fast if it is going to have any chance to restore users confidence in the security of its forum software.
The acknowledgement last week one of the popular Mac news website Macrumours admitted that a security breach had led to the exposure of hashed passwords for over 860,000 users.
At that time, Macrumors editorial director Arnold Kim wrote in a short advisory that the attack resembled the attack on Ubuntu user forums in July.
The hacker team Inj3ct0r published a Facebook post claiming that they were responsible for the attacks on both vBulletin and Macrumours.
The Inj3ct0r Team members said they breached the vBulletin website by exploiting a previously undocumented vulnerability in the vBulletin software. They then used this privileged access to obtain login credentials for the Macrumors moderator account. After logging in to the account, they stole the password hashes for 860,106 Macrumors accounts.
"Inj3ct0r Team hacked vBulletin.com and Macrumors.com. Inj3ct0r Team hacked the big CMS vendor vBulletin.com. We got shell, database and root server," the post read.
"We wanted to prove that nothing in this world is not safe. We found a critical vulnerability in vBulletin all versions 4.x.x and 5.Ñ….x. We've got upload shell in vBulletin server, download database and got root."
The vBulletin is advising users to urgently change their passwords on any other website where they might be using the same login credentials.
Because of vBulletin world biggest hacking conference DEF CON forum is also going down, vBulletin needs to act fast if it is going to have any chance to restore users confidence in the security of its forum software.
Dear All,
ReplyDeleteWe are going to introduce you a new and exciting world of social network.
FUNBOOK
Join now for free and be a part of this fast growing online social community. Enjoy the new features at one place.
Click Here to Join
or
feel free to contact us HERE
Your precious feedback is highly appreciated
Best of Luck