UPDATED 07:00 EDT / NOVEMBER 19 2013

NEWS

vBulletin forums hacked: Inj3ct0r Team tries to sell zero-day flaw

It’s come to light that the makers of the popular web forum software vBulletin have admitted a major security breach last Friday, which saw their network successfully hacked and breached, with the hackers gaining access to customers’ IDs and passwords.

vBulletin said that it reacted immediately to the breach by resetting its users’ passwords automatically, and is asking them to choose a new one that they don’t use on other sites. So far, the company hasn’t revealed how the hackers gained access to their systems, yet a well-known hacking group going by the name of Inj3ct0r Team has already claimed responsibility for the breach. In a post on its Facebook page, the Inj3ct0r Team also claimed to be responsible for hacking the popular MacRumors forum last week, making off with the passwords and IDs of more than 860,000 users in the process.

According to Arnold Kim, MacRumors had been compromised in the same fashion as the Ubuntu forums last July – the hackers obtained a forum moderator’s login details, before escalating their privileges to gain access to the database of passwords. It’s not clear exactly how the moderator’s login credentials were obtained, but according to Inj3ct0r Team, they did so by taking advantage of a zero-day vulnerability that affects vBulletin versions 4.x.x and 5.x.x.

“We’ve got upload shell in vBulletin server, download database and got root,” wrote Inj3ct0r Team on its page. “We wanted to prove that nothing in this world is not safe.”

Inj3ct0r Team is now trying to sell information on the zero-day flaw, posting on its page:

“All those wishing to buy a vulnerability and patch your forum : http://1337day.com/exploit/description/21518”

This is the vulnerability that Inj3ct0r Team claims it used to hack into MacRumors, and while it hasn’t admitted to the hack on the Ubuntu forums, that site also uses vBulletin’s software.

However, Inj3ct0r Team’s claims of a zero-day vulnerability in vBulletin have been rejected by the company. In an announcement posted on the vBulletin forum, Wayne Luke, Technical Support Lead, claimed that the company had carefully analyzed evidence surrounding the breach, and concluded that no vulnerability existed:

“Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin,” wrote Luke.

“These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software.”

But not everyone believes vBulletin’s claims that it hasn’t been compromised. The owners of the popular Defcon forums have disabled access to their site in order to prevent their user’s accounts being endangered, saying that they’ll be back online when a patch has been issued and installed.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU