Party Vibe

It seems the hackers got access to a secondary Q&A server potentially through a hack of older code. The hack appears to have taken place as long ago as a month or more with the system in question running a recent export of their production database. However customer support and billing systems were unaffected according to Internet Brands.

All user passwords have now been set to change on vBulletin.com and vBulletin.org as a precaution. Although vBulletin stores password information in encrypted format it’s unclear whether these have or will be compromised however it’s not impossible and will depend on the level and type of encryption used of course. An email has also been sent out to all customers…

This hack is a big deal given the popularity of the company’s software and the number of websites using it. vBulletin has suffered issues in recent years since the acquisition of it’s original owner Jelsoft Enterprises ltd by Internet Brands in 2007. After a lenghty court case against former members of their core development team who set up a rival company and forum software called Xenforo. Pricing and support model changes over the last few years which have proved unpopular with their install base. A significant vulnerability in several versions of vBulletin exposed not long ago affecting many thousands of websites. Up take of the latest version of their software (vBuleltin 5.x) having been somewhat poor with the development process beset by delays and bugs. And this latest seemingly deliberate although exaggerated attempt to harm their reputation through this attack by spreading fear, uncertainty and doubt.

The perpetrators claim of having uncovered a flaw in all versions of vBulletin seems unlikely and remains unproven at this time but information is still sparse. krebsonsecurity.com have addressed vBulletin an open letter to informing them of the situation which was orginally revealed on Facebook and asked for a public statement.

Several vBulletin staffers have stated publicly that yesterday’s brief down time on vBulletin.com and vBulletin.org was maintenance related and had nothing to do with the hacking of their QA server…

Note:

This post was updated as new information about this hack became available.

[IMG]http://www.partyviberadio.com/forums/attachment.php?attachmentid=85826&stc=1[/IMG]
[IMG]http://www.partyviberadio.com/forums/attachment.php?attachmentid=85827&stc=1[/IMG]
[IMG]http://www.partyviberadio.com/forums/attachment.php?attachmentid=85828&stc=1[/IMG]

Some unofficial details from a staffer…

1. I stated (correctly) that the server they hacked was an old QA stage server.

2. The server was not hacked yesterday, the screenshots date it at sometime in October (more than likely they did it even earlier, just took later shots).

3. vb.org & vb.com were last down (12th/13th depending on your timezone) because of scheduled work on the database server.

You are free to discuss this situation on vBulletin.org, you are not free to make up stuff.

What hasn’t been disclosed is whether the hackers had access to customer records and financial information, also the support system in particular which must contain a large amount of sensitive customer information…

Updated above, this now appears not to be the case.

The owners of vBulletin need to release more information about exactly what happened, all we know right now is that passwords were stolen. The hackers are claiming to have found a weakness in all versions of vBulletin which isn’t impossible but unlikely. It also appears the hackers lied about the macrumours.com hack, so there’s a good chance their statement is about spreading fear, uncertainty and doubt, and this isn’t a new flaw in vBulletin…

We’ve been using vBulletin’s software for more than a decade. And these hackers are claiming to have found a new weakness in all versions of this software but there’s no evidence of this being true yet. So we appear to be safe for now…

@Gylfi Sigurðsson 558440 wrote:

Thats what I was gonna say, because I don’t understand any of it. Pv uses VBulletin does it not?

Unofficial statements have surfaced from Internet Brands suggesting the screenshots are fake and only one table of a database was targetted. I’ve updated the first post in this thread with an unofficial statement from a vBulletin staffer in reply to questions I put to them…

On the subject of the macrumors.com hack: