Search the Community

I received this email today: After logging into vbulletin's site, I changed my password and checked out the client forums. vBulletin's software was compromised, again. Earlier this year, PCGamers forum was hacked and then earlier in July, Ubuntu forums was hacked. And just the other day vbulletin.com, vbulletin.org and MacRumors were all hacked. All of the sites were running vbulletin software. References: http://blog.canonical.com/2013/07/30/ubuntu-forums-are-back-up-and-a-post-mortem/ http://www.macrumors.com/2013/11/12/macrumors-forums-security-leak/ https://www.facebook.com/inj3ct0rs/posts/611793255548704 http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4007195-important-message-regarding-your-account http://www.vbulletin.org/forum/showthread.php?t=304626 I'm glad we stopped using this software when we did. vbulletin.org runs vb 3 which is what we were running in the end before switching to Invision Power Board. If vb3 is now vulnerable, then all the numerous sites still using it are at risk. Anyone that has used the same password on all sites, should not use any password they have previously used on any vBulletin site. The Ubuntu and MacRumors sites were hacked because a moderator account was broken into. The vBulletin.com and vBulletin.org sites have not stated how they were hacked into, nor do they have a fix for this exploit because it is "being looked into."