I received this email today:
This is an important message about your account.
We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.
To regain access to your account:
- Visit the vBulletin forums at http://www.vbulletin.com/settings/account
- Enter in your existing password followed by your new password, twice for confirmation.
- Save this page at the bottom.
Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you chose a password that you are not using on any other sites.
vBulletin Lead Technical Support.
Helping You Build Better Communities,
After logging into vbulletin's site, I changed my password and checked out the client forums. vBulletin's software was compromised, again.
Earlier this year, PCGamers forum was hacked and then earlier in July, Ubuntu forums was hacked. And just the other day vbulletin.com, vbulletin.org and MacRumors were all hacked. All of the sites were running vbulletin software.
I'm glad we stopped using this software when we did. vbulletin.org runs vb 3 which is what we were running in the end before switching to Invision Power Board. If vb3 is now vulnerable, then all the numerous sites still using it are at risk. Anyone that has used the same password on all sites, should not use any password they have previously used on any vBulletin site.
The Ubuntu and MacRumors sites were hacked because a moderator account was broken into. The vBulletin.com and vBulletin.org sites have not stated how they were hacked into, nor do they have a fix for this exploit because it is "being looked into."