vBulletin.com hacked, hackers trying to sell info on 0-day used
Posted on 18 November 2013.
The developers of the popular Internet forum software vBulletin announced late on Friday that their network has been attacked and successfully breached, and that the hackers involved have accessed customer IDs and encrypted passwords on their systems.

The company has reacted by immediately resetting all users' passwords and is asking them to choose a new, more complex one that they won't be using on other sites, but hasn't shared more details about how the hack came to pass.

But another group has. Hacker group Inj3ct0r Team has claimed responsibility for the hack on their Facebook page, and they have also professed to be the ones who breached MacRumors forums and have likely made off with the database containing the passwords of its 860,000 registered users.

MacRumors site owner Arnold Kim said that the approach used by the attackers was the same one used to compromise the Ubuntu forums back in July: they managed to get their hands on the account credentials of a forum moderator, and were able to escalate their privileges in order to access the password database.

It has yet to be confirmed how they managed to get the moderator's account credentials in the first place, but if Inj3ct0r Team's claims are to be believed, they took advantage of a critical zero-day vulnerability affecting versions 4.x.x and 5.x.x of vBulletin.

"We've got upload shell in vBulletin server, download database and got root," they wrote. "We wanted to prove that nothing in this world is not safe."

Apparently, the same vulnerability has been used to breach MacRumors. The Ubuntu forums also ran on vBulletin.

The existence of such a vulnerability is still unconfirmed by the company, but you can be sure that they are working furiously to discover it (if there is one).

The hacker team is apparently openly selling information about and possibly the patch for the vulnerability in question.

In the meantime, there are apparently some that believe Inj3ct0r Team's claims - or, at least, are not willing to endanger their users. Defcon forums have been disabled pending the resolution of the vulnerability, and will be back when a patch is out and is installed.

Wayne Luke, vBulletin Technical Support Lead, has announced that they have analysed the evidence provided by the Inj3ct0r Team, and that they do not believe that the hackers have uncovered a 0-day vulnerability in vBulletin.

"These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software," he concluded.

