Approximately 401,120 vBulletin.com and 503,204 vBulletin.org members who post on each respective site are being asked to change their passwords after accounts on both websites were compromised in an attack.
How many victims? About 900,000
What type of personal information? Usernames, email addresses, and hashed passwords. It is unknown at this time whether members area information or any personally identifiable customer information is at risk.
What was the response? An internal investigation is ongoing. Wayne Luke, vBulletin Technical Support Lead, posted about the attack, alerting users to the data breach and encouraging them to update their passwords.
Details of attack: A development server, mainly used for quality assurance, was successfully broken into during the summer. Sometime between the summer and early October, the attackers successfully gained access to the primary database server, installed Adminer (formerly phpMinAdmin) and accessed the vBulletin.com and vBulletin.org user tables. At the conclusion of the attack, they deleted Adminer.
The log files that were examined do not show any attempted access to customer data in the support system, and they indicate that the attackers targeted the vBulletin user table. The integrity of the logs is in question, however, given that the attackers deleted evidence of their presence.
Quote: “We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.”