vBulletin Forums Breached: Millions of Accounts for Sale on Dark Web – CybersecurityNews


vBulletin, a widely used forum software, has been compromised, potentially exposing millions of user accounts.

The breach was facilitated by a software vulnerability, specifically affecting versions 4.2.2 and 4.2.3.

The Forumrunner add-on was pinpointed as the weak link that allowed attackers to perform SQL Injection attacks.

The Vulnerability

The issue’s core lies in an SQL Injection vulnerability reported to the vBulletin team.

SQL Injection is an attack that allows attackers to execute malicious SQL commands in a web application’s database.

It can lead to unauthorized access to sensitive data such as user credentials and personal information.


This particular vulnerability was found in the Forumrunner add-on of vBulletin 4, a component used to optimize forums for mobile devices.

Have I Been Pwned recently tweeted that the vBulletin forum suffered a data breach, compromising 2.6 million records.

Immediate Response

Upon discovery, the vBulletin team acted swiftly to mitigate the risk posed by this vulnerability.

Security patches for vBulletin versions 4.2.2 and 4.2.3 were released to address the issue. The patches are identified as:

  • vBulletin 4.2.2 Patch Level 5
  • vBulletin 4.2.3 Patch Level 1

Users of the affected versions are urged to apply these patches immediately to secure their forums against potential attacks.

Furthermore, the release of vBulletin 4.2.4 Beta 2 includes the necessary fix, offering an additional upgrade path for users seeking to protect their platforms.

To secure their forums, vBulletin administrators should download the appropriate patch for their version and upload all files from the zip file to their server, making sure the existing files are overwritten.

For those running versions of vBulletin 4 older than 4.2.2, a standard upgrade to the latest version is recommended, which would inherently include the security fixes.
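A patch that is only partly uploaded leaves the forum exposed, so it is worth confirming that every file in the patch zip actually replaced its deployed copy. The following is an added example, not vBulletin's own tooling: it compares SHA-256 hashes of the zip's files against the forum directory. The function name, the `strip_prefix` parameter (a leading folder inside the zip) and the sample file names are assumptions.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path


def verify_patch(zip_file, forum_root, strip_prefix=""):
    """Compare each file in the patch zip with the copy deployed under forum_root.
    strip_prefix is an assumption: a leading folder inside the zip, if any,
    that does not exist on the server. Returns lists of relative paths.
    """
    root = Path(forum_root).resolve()
    report = {"missing": [], "mismatched": [], "ok": []}
    with zipfile.ZipFile(zip_file) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(strip_prefix):
                continue
            rel = info.filename[len(strip_prefix):]
            target = (root / rel).resolve()
            if root not in target.parents:  # refuse paths that leave the forum root
                raise ValueError(f"unsafe archive path: {info.filename}")
            if not target.is_file():
                report["missing"].append(rel)  # never uploaded
                continue
            deployed = hashlib.sha256(target.read_bytes()).hexdigest()
            shipped = hashlib.sha256(zf.read(info)).hexdigest()
            report["ok" if deployed == shipped else "mismatched"].append(rel)
    return report

def demo():
    # Constructed sample: file names and contents are made up, not vBulletin's.
    patch = {"upload/addon/a.php": "<?php /* fixed */",
             "upload/addon/b.php": "<?php /* fixed too */",
             "upload/includes/c.php": "<?php /* unchanged */"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in patch.items():
            zf.writestr(name, body)
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "addon").mkdir()
        (Path(root) / "includes").mkdir()
        (Path(root) / "addon" / "a.php").write_text("<?php /* old */")  # not overwritten
        (Path(root) / "includes" / "c.php").write_text(patch["upload/includes/c.php"])
        buf.seek(0)
        return verify_patch(buf, root, strip_prefix="upload/")

if __name__ == "__main__":
    print(demo())
```

Any path reported as `missing` or `mismatched` means the upload did not fully overwrite the old files and should be repeated for those paths.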

Broader Implications

The breach has raised concerns over the security of forum software and the potential for sensitive user data to be compromised and sold on the dark web.

Millions of accounts could be at risk, underscoring the importance of timely updates and patches in safeguarding digital platforms.

This incident serves as a stark reminder of the ever-present threat of cyberattacks and the need for web administrators to be constantly vigilant.

The vBulletin team’s prompt response in releasing patches demonstrates a commitment to security and highlights the ongoing battle against cyber threats.

vBulletin users are strongly advised to take immediate action to update or patch their software to protect against this vulnerability.

The incident underscores the critical importance of cybersecurity measures in protecting user data and maintaining trust in digital platforms.


This post was originally published on the 3rd party site mentioned in the title of this site
