vBulletin.com / vBulletin.org Hacked

Discussion in 'vBulletin Discussions' started by BamaStangGuy, Nov 14, 2013.

  1. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    I could swear I read Paul said the Magento data wasn't involved. And I am almost positive Magento hashes the passwords too.

    Scott
     
  2. valdet

    valdet Regular Member

    Joined:
    Oct 18, 2013
    Messages:
    22
    Likes Received:
    13
    Location:
    Kosovo
    Just as many have said, it is downright idiotic behaviour that the vB staff have done so far.
    They treat licensed customers like dirt and even accuse them of spreading bad publicity for IB.
    As if they were saints so far. D'oh !

    On this thread, a user was genuinely worried about the status of vb.org, vb.com and their user credentials/emails etc... Not long after, all the mods and some blowhards start raining down on him, with so many fake accusations that it makes your head spin.

    I mean if you just have the nerves to go and read that thread you will see that as evidence of hacks come to light (with W.Luke's announcement, mass emails, Paul M posts on TAZ & vb.org ), they start backtracking in the shape of: "This is not what I meant", "There's no proof", until one of their pawns has the balls to own up to his bullshit and make an apology.
     
    Last edited: Nov 19, 2013
    Big al and zappaDPJ like this.
  3. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    vBull customers are shutting down their forums and not taking BS answers from staff.
    http://www.vbulletin.com/forum/foru...ubleshooting/4007629-vbulletin-4-security-gap
    Of interest is this reply by Marc B.
    And a customers reply
    If I remember ALL the reports I've read, aren't these latest versions the ones that were hacked on vBull?

    The whole vBull forum is full of people shutting down, deleting, and having spent hours rebuilding from the last hack attack. Other forum platforms should be gearing up for an influx of converts I think.
     
    Big al likes this.
  4. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    I think I read that somewhere in the last day or 2 also. But I don't believe a word he says now. Or EVER!!!!
     
    Big al likes this.
  5. zappaDPJ

    zappaDPJ Regular Member

    Joined:
    May 27, 2013
    Messages:
    250
    Likes Received:
    165
    Location:
    London, England
    I agree, that thread is a total disgrace which reflects very badly on all the staff there.
     
    Last edited: Nov 19, 2013
    Big al likes this.
  6. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    @valdet
    Another valued customer shot down. I think many of those people commenting or disagreeing with the OP are suffering from ostrich syndrome. When they stick their heads in the sand they forget their butts are highly exposed and they'll never see it coming. I just hope they are well lubed because that has got to hurt. :evillaugh:

    On the other hand many vBull customers have had enough. They at least are doing the prudent thing to protect their members by shutting down or converting to other software before they get hit.
     
    Big al likes this.
  7. GTB

    GTB Regular Member

    Joined:
    Jun 30, 2009
    Messages:
    1,791
    Likes Received:
    270
    Well the guy was right in the end, but it's just a total mess. Even the staff didn't seem to know what had gone on at first. If they got hacked or not, funny.
     
    Big al likes this.
  8. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Does the staff ever really know what's going on?
     
    Big al likes this.
  9. Chris Teriakis

    Chris Teriakis Regular Member

    Joined:
    Nov 19, 2013
    Messages:
    80
    Likes Received:
    39
    Location:
    Thessaloniki, Greece
    vBulletin -> vBullshit and sorry for my bad words. But reading at vb.org posts from customers in panic to ask some more details not as a way to blame the product but as a way to keep their forums protected, to be treated by vb.org staff like being guilty, it's over than my nerves limitations.
     
    Big al likes this.
  10. ManagerJosh

    ManagerJosh Regular Member

    Joined:
    Sep 27, 2012
    Messages:
    96
    Likes Received:
    87
    You are correct on both counts Scott. The logs currently indicate Magento data was not involved, but a part of me is erroring on the side of caution because the logs could have been tampered with or incomplete due to how long of a window the attackers were inside the system.

    I pressed the issue personally, and Paul noted that the attackers did have access. Whether that access was used or not is another issue altogether.

    Capture - vBulletin.JPG
     
    Autopilot likes this.
  11. Autopilot

    Autopilot Regular Member

    Joined:
    Jul 27, 2013
    Messages:
    514
    Likes Received:
    334
    That is sad. The man just cannot be trusted.
     
    Big al likes this.
  12. SatGuyScott

    SatGuyScott Regular Member

    Joined:
    Oct 28, 2009
    Messages:
    151
    Likes Received:
    119
    Location:
    Newington, Connecticut
    I think people should really start pestering Internet Brands about this idiot.

    His comments could open up Internet Brands to all kind of legal trouble.

    Internet Brands, Inc.
    909 North Sepulveda Blvd., 11th Floor
    El Segundo, CA 90245


    310-280-4000
     
    Big al and Autopilot like this.
  13. Terry

    Terry Regular Member

    Joined:
    Oct 12, 2010
    Messages:
    112
    Likes Received:
    66
    However there was a "HOWEVER" in his apology ...

    Just vote with your cash like many others are ... While Laurel and Hardy are on the support team IB/vB will get not another penny from I or many others ..
     
    Big al and Autopilot like this.
  14. ManagerJosh

    ManagerJosh Regular Member

    Joined:
    Sep 27, 2012
    Messages:
    96
    Likes Received:
    87
    I personally believe Internet Brands got lucky on this one. Had this breach been identified on or after January 1, 2014, they would be subject to the new California Data Breach Law Enhancement SB46:

    The attorney general would have to get involved.

    http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB46

    If SB46 falls under TLDR for you; here's the summary:

    In this particular instance of what applies to Internet Brands, if usernames, emails, security reset questions and/or hashed passwords are compromised, it triggers a data breach notification to users and you can not contact users with the emails on file.

    Be on the lookout as other states will likely start adopting similar legislation in the coming year.
     
    Last edited: Nov 19, 2013
    BamaStangGuy, Dan Hutter and Big al like this.
  15. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    @ManagerJosh - Ok. Thanks for the follow-up.

    Scott
     
    Big al likes this.
  16. ManagerJosh

    ManagerJosh Regular Member

    Joined:
    Sep 27, 2012
    Messages:
    96
    Likes Received:
    87
    Argh. Have a post in moderation right now :(.
     
  17. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    Who feels that this might actually be the downfall of vBulletin as a whole? Less people are going to trust the software and possibly move to other software companies like IPB or Xenforo.
     
    Big al likes this.
  18. Big al

    Big al Regular Member

    Joined:
    May 14, 2013
    Messages:
    1,093
    Likes Received:
    415
    Location:
    OZ
    I think it depends on how much money they are making from other sources. Their actions indicate that they are not interested in maintaining their current VB customer base.

    When an organization treats their customers with disdain it is a precursor to that side of things sliding into oblivion.

    Naturally it is totally illogical for a group that WANTS success, to do the things they are doing, as the management (money wise) are not stupid, it points to another tactic they are following.

    With limited information it is hard to actually say what they have planned. Purely as an assumption, it seems that financially as VB5 has been a huge failure and they have to continue to service the old customers for very little return of money, they MAY be letting it have a natural death while they concentrate on their other income streams that produce more profit.
    In their eyes the almighty dollar is king and so they would have no qualms about letting VB as a service die. To them the customer is a nuisance.

    The continued employment of the terrible trio Mark B, Paul M, and Joe D. who are the most incompetent staff I have ever seen on any site, is confirmation that the management do not give a rats ass about their customers or members. Nor indeed about the continued employment of the staff.

    Some staff like Lynne who have shares I understand, MUST be concerned about the value of her shares, but seems unable to set things right as it would involve a radical change of attitude on the part of the staff and include apologies and the reversing of stupid past actions, this I cannot see them having the courage to do.

    I may be wrong in my assumption, but if it looks like a duck, quacks like a duck and waddles like a duck then there is a good chance that it IS a duck. And I fear the fat lady is making her way to the stage to start to sing.
     
    Last edited: Nov 19, 2013
    Iconic, cpvr and Autopilot like this.
  19. ManagerJosh

    ManagerJosh Regular Member

    Joined:
    Sep 27, 2012
    Messages:
    96
    Likes Received:
    87
    In a post data breach era, it won't make or break a company as much as one would hope. However if there are enough consecutive breaches, yes it will draw fire from customers, and customers' customers
     
  20. Iconic

    Iconic The Original

    Joined:
    Nov 2, 2011
    Messages:
    353
    Likes Received:
    135
    Location:
    Australia
    I don't think it will play a huge part but it will certainly build upon it though and especially as of late with the attitudes of some vB Staff both on vb.com and on admin forums which would not be helping their cause at all.
     

Share This Page