vBulletin.com / vBulletin.org Hacked

I could swear I read Paul said the Magento data wasn't involved. And I am almost positive Magento hashes the passwords too.

Scott

 

Just as many have said, it is downright idiotic behaviour that the vB staff have done so far.
They treat licensed customers like dirt and even accuse them of spreading bad publicity for IB.
As if they were saints so far. D'oh !

On this thread, a user was genuinely worried about the status of vb.org, vb.com and their user credentials/emails etc... Not long after, all the mods and some blowhards start raining down on him, with so many fake accusations that it makes your head spin.

I mean if you just have the nerves to go and read that thread you will see that as evidence of hacks come to light (with W.Luke's announcement, mass emails, Paul M posts on TAZ & vb.org ), they start backtracking in the shape of: "This is not what I meant", "There's no proof", until one of their pawns has the balls to own up to his bullshit and make an apology.

 

vBull customers are shutting down their forums and not taking BS answers from staff.
http://www.vbulletin.com/forum/foru...ubleshooting/4007629-vbulletin-4-security-gap
Of interest is this reply by Marc B.

And a customers reply

If I remember ALL the reports I've read, aren't these latest versions the ones that were hacked on vBull?

The whole vBull forum is full of people shutting down, deleting, and having spent hours rebuilding from the last hack attack. Other forum platforms should be gearing up for an influx of converts I think.

 

I think I read that somewhere in the last day or 2 also. But I don't believe a word he says now. Or EVER!!!!

 

I agree, that thread is a total disgrace which reflects very badly on all the staff there.

 

@valdet

Another valued customer shot down. I think many of those people commenting or disagreeing with the OP are suffering from ostrich syndrome. When they stick their heads in the sand they forget their butts are highly exposed and they'll never see it coming. I just hope they are well lubed because that has got to hurt.

On the other hand many vBull customers have had enough. They at least are doing the prudent thing to protect their members by shutting down or converting to other software before they get hit.

 

Well the guy was right in the end, but it's just a total mess. Even the staff didn't seem to know what had gone on at first. If they got hacked or not, funny.

 

Does the staff ever really know what's going on?

 

vBulletin -> vBullshit and sorry for my bad words. But reading at vb.org posts from customers in panic to ask some more details not as a way to blame the product but as a way to keep their forums protected, to be treated by vb.org staff like being guilty, it's over than my nerves limitations.

 

You are correct on both counts Scott. The logs currently indicate Magento data was not involved, but a part of me is erroring on the side of caution because the logs could have been tampered with or incomplete due to how long of a window the attackers were inside the system.

I pressed the issue personally, and Paul noted that the attackers did have access. Whether that access was used or not is another issue altogether.

 

That is sad. The man just cannot be trusted.

 

I think people should really start pestering Internet Brands about this idiot.

His comments could open up Internet Brands to all kind of legal trouble.

Internet Brands, Inc.
909 North Sepulveda Blvd., 11th Floor
El Segundo, CA 90245

310-280-4000

 

However there was a "HOWEVER" in his apology ...

Just vote with your cash like many others are ... While Laurel and Hardy are on the support team IB/vB will get not another penny from I or many others ..

 

I personally believe Internet Brands got lucky on this one. Had this breach been identified on or after January 1, 2014, they would be subject to the new California Data Breach Law Enhancement SB46:

The attorney general would have to get involved.

http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB46

If SB46 falls under TLDR for you; here's the summary:

In this particular instance of what applies to Internet Brands, if usernames, emails, security reset questions and/or hashed passwords are compromised, it triggers a data breach notification to users and you can not contact users with the emails on file.

Be on the lookout as other states will likely start adopting similar legislation in the coming year.

 

@ManagerJosh - Ok. Thanks for the follow-up.

Scott

 

Argh. Have a post in moderation right now .

 

Who feels that this might actually be the downfall of vBulletin as a whole? Less people are going to trust the software and possibly move to other software companies like IPB or Xenforo.

 

I think it depends on how much money they are making from other sources. Their actions indicate that they are not interested in maintaining their current VB customer base.

When an organization treats their customers with disdain it is a precursor to that side of things sliding into oblivion.

Naturally it is totally illogical for a group that WANTS success, to do the things they are doing, as the management (money wise) are not stupid, it points to another tactic they are following.

With limited information it is hard to actually say what they have planned. Purely as an assumption, it seems that financially as VB5 has been a huge failure and they have to continue to service the old customers for very little return of money, they MAY be letting it have a natural death while they concentrate on their other income streams that produce more profit.
In their eyes the almighty dollar is king and so they would have no qualms about letting VB as a service die. To them the customer is a nuisance.

The continued employment of the terrible trio Mark B, Paul M, and Joe D. who are the most incompetent staff I have ever seen on any site, is confirmation that the management do not give a rats ass about their customers or members. Nor indeed about the continued employment of the staff.

Some staff like Lynne who have shares I understand, MUST be concerned about the value of her shares, but seems unable to set things right as it would involve a radical change of attitude on the part of the staff and include apologies and the reversing of stupid past actions, this I cannot see them having the courage to do.

I may be wrong in my assumption, but if it looks like a duck, quacks like a duck and waddles like a duck then there is a good chance that it IS a duck. And I fear the fat lady is making her way to the stage to start to sing.

 

In a post data breach era, it won't make or break a company as much as one would hope. However if there are enough consecutive breaches, yes it will draw fire from customers, and customers' customers

 

I don't think it will play a huge part but it will certainly build upon it though and especially as of late with the attitudes of some vB Staff both on vb.com and on admin forums which would not be helping their cause at all.