Reports indicate that a hacker collective called Inj3ct0r Team have compromised vBulletin.com by exploiting a zero-day vulnerability that affects vBulletin versions 4.x and 5.x, exposing users’ login credentials.
“Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password,” wrote vBulletin’s Lead Technical Support Wayne Luke.
The same group has apparently also breached the DEFCON user forums and claims to have made copies of the systems’ database prior to the admins shutting down the site as a security precaution.
“Inj3ct0r Team closed http://forum.defcon.org/ powered by [vBulletin]. You are late, we made a backup sites that we care about you too. LOL,” the group stated on Facebook.
Inj3ct0r Team is also being connected to the hack of MacRumors last week using the same zero-day vulnerability where the site was compromised after someone was able to log into the system with a moderator account and then escalate privileges, exposing as many as 860k user account credentials.
The vulnerability has been available for purchase on the black market since shortly after the MacRumors hack, and just a short time prior to the vBulletin announced their systems were compromised.
Read More Here…