Comodo, one of the largest SSL Security Certificate Authorities notifies that their vBulletin Forum has been hacked. Comodo Group reported that 170,000 forum users had their data stolen by a hacker who exploited a recently disclosed vulnerability in vBulletin’s internet forum software.
Comodo notifies its forum users
According to the announcement from Comodo, an attacker exploited the vBulletin security flaw on Sunday 11/30/2019; their action resulted “in a potential data breach on the Comodo Forums.”
The Comodo Forum is powered by the open-source Simple Machine Forum software but vBulletin is used on another board dedicated for product updates and discussions, which has far fewer members.
What was affected?
It was found that the affected data includes forum usernames, names, e-mail addresses, IP addresses from the most recent login, social media usernames, passwords and corresponding salt, security questions and hashed security answers, registration dates, messenger usernames and total time logged in.
“User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and if used, potentially some social media usernames in very limited situations.” – Comodo
Comodo has recommended that forum users change their passwords.