The dataset we have received contains 292,853 user accounts. was hacked this way on 25 or 26 September 2019, probably fully automated. If they do, the 0day exploit can be launched and the forum’s underlying database content can be stolen. Within hours to days, all websites worldwide can be queried to see if they are running vBulletin 5. Using off the shelf scanning tools, it is easy to perform an automated global inventory scan. This meant that all installations of vBulletin 5, on a global scale, could be hacked. This specific exploit worked against all 5.x versions of vBulletin. On 23 September a so called 0day exploit was posted on the ‘Full Disclosure’ mailing list. The current version - as used by - is 5.5.4. uses commercial forum software named vBulletin. Strictly speaking this is true: the database does not contain plain text passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. publicly stated that passwords were not stolen. Since data is now within virtually anyone’s reach, we expect scams to blackmail users soon. The dump contains data of - among others - employees of Dutch governmental intuitions like the department of defense, foreign affairs and law enforcement. The site’s user database was stolen and is actively being traded in the underground, and sold for about 2 Euros. Dutch website - used by prostitutes, escorts and their customers - had been hacked.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |