There's no new vBulletin 0-day, it's just a targeted attack

Mar 29, 2016 22:20 GMT

Administrators of the vBulletin forums have started a site-wide password reset operation after an unknown attacker gained access to one of their servers.

Last Thursday, the vBulletin.org and vBulletin.com domains went offline for maintenance and remained so until Friday afternoon. As soon as the forums came back online, all users were forced to reset their passwords in order to access their accounts.

The combination of this non-scheduled maintenance and the forced password reset is a typical sign of a data breach. The hacking incident was confirmed hours later, on Friday, by Paul Marsden, Lead Developer for vBulletin.org & vBulletin.com.

vBulletin Germany servers hacked by unknown attacker

From clues left in two topics on vBulletin.org and The Admin Zone, Marsden says the hacker(s) accessed the company's VBG (vBulletin Germany) servers.

Since these servers hold information on other vBulletin services, vBulletin Solutions, the company behind the vBulletin commercial forum software package, decided to reset passwords for all accounts.

According to Marsden's statements, the hacked server also stored data on VBC (vBulletin.com, vBulletin Connect) and VBO (vBulletin.org). As of now, vBulletin has not confirmed whether the attacker gained access to any user information.

Attacker clearly targeted the company

Asked if the company plans to reveal how this attack played out, Marsden answered, "[sic] I'm not sure what information you mean, there certainly wont be any detailed information on how it was done - however, I can tell you it wasnt via any vB exploit - in fact, the VBG site doesnt run vbulletin. Someone clearly targetted the site, it was obvious they had planned this quite carefully."

As explained above, the hacker's point of intrusion seems to be the CMS used to run vBulletin Germany's presentation site, not the vBulletin software. There is no new vBulletin zero-day, but forum admins are advised to apply the company's latest security patch, released three days prior to this incident.

Last November, the vBulletin forums were hacked using a zero-day in the vBulletin forum package. An Egyptian hacker known as Coldroot took credit for the incident.