vBulletin, one of the most widely used forum software packages, has been hacked again. The official website of vBulletin, vbulletin.com, remains down hours after being attacked by a hacker who goes by the names Coldzer0 and Coldroot. News of the attack first appeared on the Cyber_War_News Twitter account. Thousands of users’ data is feared to have been stolen in this attack. According to evidence acquired by @Cyber_War_News, the hacker managed to break into vBulletin’s infrastructure, upload a shell and steal the company’s customer database.
Coldroot, aka Coldzer0, is believed to be Mohamed Osama, based in Egypt and working with Orbit Shield. He describes himself as a vulnerability, malware researcher & exploit developer on his LinkedIn profile. Osama also has a Freelancer.com profile under the username Coldzer0x0. Osama is said to have shot a video of himself hacking into vbulletin.com and uploaded it to YouTube, where it was soon removed. Osama also took credit for the attack on his Facebook account by posting proof of it. Soon after this was noticed, the account was deleted. @Cyber_War_News managed to get a screenshot of the Facebook profile, which shows the proof of the attack on vBulletin along with the database tables.
The amount of data stolen in this attack is not known at this time, but the screenshot provided by CWN indicates that user IDs, full names, email addresses, security questions and answers, and password salts are among the data acquired by the hacker.
The hacker claimed that his attack went undetected, but the breach was detected and discussed by the company during the last week. A screenshot of the discussion on the official vBulletin forum is shown here.
The hacker used a zero-day vulnerability in the vBulletin forum package to breach the site. The hacker also claimed to have hacked into the forum section of Foxit Software using the same vulnerability. Foxit Software’s forum is also powered by vBulletin. The hacker claimed to have stolen the data of around 260,000 customer accounts in his two-day hacking attempt.
This is not the first incident in which vBulletin has been hacked. There have been many successful attempts in the past to compromise vBulletin-powered sites. In October 2013, almost exactly two years ago, an attack on vBulletin-powered websites was made and 35,000 sites were hacked. vBulletin forum software’s current stable release was released on 10th August, 2015. Shortly after this attack, another hack took place by Inj3ct0r Team, in which they used a 0-day vulnerability and gained shell, root and database access. This hack took down vBulletin and MacRumors. vBulletin had been under attack even before these incidents as well.
I am not sure why a hacker would come out in public bragging about his hacking success. Coldzer0 aka Coldroot aka Mohamed Osama has a LinkedIn profile, and the same profile picture as on his LinkedIn profile was used on his Facebook profile as well. The Freelancer profile also gives a better idea about him. The hacker has also made his real name public, which makes me wonder why a hacker would do something that gives the authorities a clear idea of his/her identity.
vBulletin’s official site remains down and shows ‘Under Maintenance’ at the time of writing, while Foxit Software’s forum is operational. There have been no official statements made by vBulletin or Foxit about this incident. I will keep this space updated as more information comes in.
You were reading vBulletin Down After Being Hacked : Thousands of Users’ Data Feared Stolen on techstuffer.com.