vBulletin.com / vBulletin.org Hacked

A major developer gets hacked and the first news I see of it is from @Brandon on Twitter. All par for the course with IB. At least none of my major sites run vB though it would be nice to know what the issue is to patch clients.

My passwords were unique all they can really do is use my licenses. Which hey more power to them.

 

Looks like it *was* being discussed on vbulletin.com, but subsequently deleted.

Whoever designed vBulletin 5's search system should probably do something else for a living. Because you can see deleted stuff in search results.

 

So was vB.com and vB.org hacked or not?

 

Well their deleting topic about it and no communication so it might be true.

 

Well is not the whole script one big disaster, you can fire them all that worked on vBulletin 5 but who will maintain it then.

 

Well if it is true, nice of them to NOT inform customers their profile account information might be at risk.

 

We can't say we didn't see this coming.

 

I am sure once they see the inners of the data they will give it back ... I doubt anyone would want ownership of this script ....

 

so, where have mark b and Paul m been?

I figured they'd be here by now defending and trying to spin this some way.

How long before they scrap the vBulletin 5 fiasco? Here it is over a year later, there is still no CMS, and there is only like 50 mods or so released at vbulletin.org. How they can't call this a complete failure is beyond me.

 

Marks probabley busy "talking to himself" on his forum....

As for Paul M, he was giving the excuse on TAZ that the Test board was hacked instead, but forgot to mention they use a snap-shot of vB.com for it with users having same password accounts e.t.c

 

Test board or not it's still on the vbulletin.com/.org servers?

Maybe @Paul M could clarify for us here?

 

Why would a company do just that if they can deny it, it did not happen and they lose no face in the mean time. If it comes out they use PR to fix it.

There not going to scrape anything why would they, look how their talking they still think vBulletin 5 is still is better then anything else out there. Developers that make mistakes and manager that do not care and a CEO that has no clue what is needed in forum development.

 

A possible explanation in a typical future scenario.

Mark B /Paul M- "What do you mean we were hacked, VB died from natural causes.

Upset customer.- " How can you excuse such incompetence and say it died from natural causes"?

Mark B /Paul M.- "Well due to the complete failure of VB5 and the total incompetence of the support staff and management it is natural for it to have died. Now you are banned for asking, bye sucker."

 

I have been dealing with "empty message" errors not to mention that people is not logged in when it is.

In the past ticking the checkbox was enough but now this trick doesn't work with the home page, all other show people logged in though.

However the more I use vBulletin 5, the more problem I'm finding with the script.

 

I think that those of us who stated earlier that VB5 was ill conceived and a total disaster are totally vindicated now.

 

They've been busy updating database passwords which lead to any downtime today.

http://www.vbulletin.org/forum/showpost.php?p=2461021&postcount=3

Why were they changing database passwords if nothing is wrong?

 

When I went away on holiday (about 4 weeks ago now) I had a lovely internet free week. No constant negativity, twisting of words, and general hassle. I decided that when I came back I'd not bother much (if at all) with this and a few other sites where the majority of posters only seem interested in how they can attack IB again.

I made the mistake of breaking that decision yesterday [on TAZ], and already someone above has twisted what I said (I did not make an "excuse". I stated a fact about what server was hacked). I dont intend to make that mistake again so while I may read the comments, its unlikely I'll post again, unless I really feel a complete untruth should be corrected. No matter what I say (or indeed anyone else says), we all know what direction this thread will go, you can already see it happening above.

 

Was it the on the same server vb.com prod is on?

 

I can't believe IB hasn't said anything on their company forums (yes I can) yet about the breach. It's clear a breach has occurred of the vBulletin systems, but what has been compromised is anyone's guess at this point.

If it was just a Q&A server, it's been stated that those are populated with the information from the main vBulletin database. Which would mean, thousands of users emails, and passwords were compromised. Judging from the scheme of the DB table, it's possible more information was compromised as well.

And it's the weekend, corporate IB takes weekends off, so don't expect any announcement soon for this embarrassment.