A hacker claims to have hacked some outdated vBulletin sites, resulting in about 800k accounts being collected. This was done by exploiting a SQL injection flaw in out-of-date vBulletin installs. While the data includes hashed passwords, and the accounts probably aren’t for super important stuff, the concern here is password reuse and the ability to use this data to get into other accounts, or to socially engineer the folks on the list.

Imagine getting a phishing email from one of the domains, linking to the hack and asking for a password reset, but sending you to a credential phishing site. This is one scenario where the info could be used to collect reused passwords.

I strongly recommend using a password vault, like LastPass or something similar, to generate and store random passwords for websites. Protect this with a strong passphrase and 2-factor authentication, and you can go far in securing your online accounts.

FWIW, the domains that are claimed to be hacked are:

Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.
