Almost 1.7 million users affected by latest breaches. A hacker who goes by the name of uid0 claims to have breached three websites belonging to Penton Technology: Hot Scripts, Mac Forums, and Web Hosting Talk.
The hacker is now selling the data through The Real Deal Dark Web marketplace, like many other hackers have done before him.
vBulletin zero-day?
In an encrypted conversation with your reporter, the hacker claims that he was able to obtain full database dumps from all three websites. This includes user records, private messages, site content, hashed and salted passwords.
Two of these websites, Mac Forums and Web Hosting Talk, run on the vBulletin forum platform. The hacker claims that he’s in possession of a vBulletin zero-day, which allowed him access to these two sites.
It is currently unclear how the hacker breached the Hot Scripts service but shared servers might explain how he was able to acquire this service’s database. This scenario is only unconfirmed speculation since Penton has yet to respond to Softpedia’s request for comments.
Hacker leaks data for nearly 1,7 million users
According to uid0, the Mac Forums database contains the private details of over 291,000 users, the Hot Scripts database comprises details of over one million users, and the Web Hosting Talk data dump contains details on over 400,000 users.
The hacker is asking for 1.2 Bitcoin (~$800) for the Mac Forums database, and 3 Bitcoin (~$2,000) for each of the Hot Scripts and Web Hosting Talk databases.
In recent months, several database dumps belonging to LinkedIn, Tumblr, and MySpace have surfaced years after hackers breached those services. The hacker claims to have breached and dumped the data this year, in 2016.
Your reporter was not able to verify the validity of the hacker’s data because uid0 deferred the release of sample data to a later date. On the Dark Web marketplace, the seller has a 100% positive feedback, meaning previous buyers have not complained about fake data.
Softpedia has also reached out to vBulletin regarding the hacker’s claim to be in possession of a zero-day vulnerability.
Affected users should reset passwords ASAP
Users of these three services are advised to reset their passwords as soon as possible to avoid having their accounts compromised.
If they used the same username-password combo on other sites, they should change those credentials as well, since crooks have started to launch brute-force attacks on accounts on other sites using previously compromised credentials. One such service that has seen this kind of attacks is GitHub. Netflix and Facebook have taken special steps to prevent similar incidents.
Additionally, many of today’s CEOs have had various social media accounts hacked using this type of method. The most famous case is Mark Zuckerberg, who had his Twitter and Pinterest accounts hacked because he used the same password he employed for his LinkedIn account, which was included in the recent publicly disclosed breach, also available for sale on the Dark Web.
