A group of European hackers by the name of Inj3ct0r Team have taken responsibility for hacking the support forums of vBulletin.com and the forums of MacRumors.com, both of which run vBulletin’s forum software (TechSpot used to run vBulletin as well until a couple of years ago). This led the company to issue a hacking alert to customers late last week.
In the alert, vBulletin technical support lead Wayne Luke said their security team recently discovered sophisticated attacks on their network that involved the illegal access of forum user information and possibly user passwords. Luke noted their investigation indicated the attackers accessed customer IDs and encrypted passwords. vBulletin has reset user passwords as a precautionary measure, we’re told.
As of last Thursday, Inj3ct0r Team claims to have discovered a zero-day exploit in the forum software. They used this to gain access to vBulletin’s server and download a user database which was then cracked offline. From there, they uncovered details for an admin account with root-level access.
vBulletin reportedly uses the MD5 cryptographic algorithm which may sound impressive, but it’s not. Multiple security experts have deemed this method unfit for password security due to the fact that it can be easily cracked using offline methods like Inj3ct0r Team claims to have done.
The group also made away with 860,000 usernames, e-mail addresses and encrypted credentials from Apple enthusiast site MacRumors. One of the attackers promised not to leak the data or harm people unless individuals are targeted individually for some unrelated reason.
vBulletin has yet to release a patch for the vulnerability nor have they said exactly how the attackers gained access.