Hacked : Around 800,000 Accounts Exposed and Details Stolen in vBulletin

You Read that Right – A Staggering 800k Accounts Exposed!

How often do you use the same password on multiple sites?

If it’s quite often for comfort, you have good reason to be worried. It pans out that most online community forums make rapid use of some software called vBulletin. It turns out that around 800,000 accounts were exposed to hackers as they broke into a vBulletin glitch.

vBulletin is Easy Going

It is extremely convenient to get a vBulletin form integrated and functional in a short while. The relative ease of setup and competitive edge over other similar software has made vBulletin the #1 community software in the world.

However, you should adhere to several lines of caution here –popular and widely adopted software does not mean it is always safe and secure too. This gets a little thicker when you realize that there are many vBulletin forums which were launched and left to the devices.

These forms are mostly left unattended by the site admins. The oh’-so-important security patches and updates have either not been implemented. That leaves the data acutely vulnerable to any well-directed phishing attack.

At Least 126 Forums were Compromised

Some reports highlight that a pack of hackers claim to have broken the codes of at least vBulletin forums. They stole precisely 819,977 account details – which even included their emails and passwords.

This does not seem to be a major war if the forum was just a place where you discussed the next season of Game of Thrones. But consider the number of people who tend to repeat logins and passwords across forum and you suddenly realize the enormity of what just happened.

This is why I personally use a spare login and pass for every forum.

If you did not repeat your passwords or logins across forums there is not much that you need to worry about.

Sensitive Information Lost

There’s no harm in losing the login and pass of a forum. You can always create a new set, right?

But this attack did not only steal vBulletin credentials of around 800,000 people.

To make things worst some other things were compromised too – 108,777 Yahoo accounts, 121,507 Hotmail accounts and a staggering 219,324 Gmail accounts.

This is when you realize how much trouble the account hack actually created. It is never a good idea to lose your email credentials to a phishing attack on a random online forum.

Reputation at Stake

The issue is not related to third party software like vBulletin alone. A lot of good work is also involved in the process.

Many reputed sites make use of vBulletin forums. There was a similar incident in 2012 wherein vBulletin was the third-party software installed in a forum. There was vulnerability in the software and the information of a lot of members was compromised.

In the above hack, most members were not aware of the third party software. They held the host site directly responsible for the security lapse.

The vBulletin attack was just another day and just another hack. It teaches site admins the extremely critical step to continually update patches.

As regular web users, we need to be more sensitive about never repeating sensitive login credentials across sites.