User data compromised in breach of vBulletin

All passwords have been reset for users of vBulletin software, used for website forums, following a breach that compromised the personally identifiable information of nearly 480,000 subscribers, according to Ars Technica.

While the developer released a security patch on Monday night, hours after the incursion was detected, Ars Technica suggested that, from available evidence, the site "contained a zero-day vulnerability that allowed hackers in the wild to gain almost complete control over websites that used the forum app."

However, Wayne Luke, technical support lead at vBulletin, denied a zero-day was responsible. "These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications," he said in a statement issued on Monday.

Tod Beardsley, principal security research manager at Rapid7, said in a statement issued on Wednesday that it looks like the attack on vBulletin was due to a SQL injection bug in its forum software.

Beardsley advised organizations that rely on vBulletin to apply the security patch immediately. "vBulletin is a popular target, since compromising a forum site can provide an effective platform for a watering hole attack. An unpatched bug in the platform can expose downstream users to serious risk," the security researcher explained.
