Results 1 to 2 of 2
  1. #1
    Join Date
    Apr 2014
    Posts
    257

    Exclamation News on vBulletin Data Breach

    First I need to clarify that I am deleting other threads on this topic. Some of the other posts had misleading information, and I want to keep all questions to this thread.

    I received word last night that there was a possible data breach involving forum profiles on tetongravity.com. The news release mentions almost a million records leaked, covering ~140 vB sites. Troy listed our site with almost 25k records leaked. This is only a fraction of our user-base, so I'm not sure how he allocated that number to our domain.

    I'm working on obtaining a copy of this breach. If the initial account list is accurate, it doesn't include everybody, and I'll be sure to reach out to those affected.

    We are currently running the latest patch version of vB, so if a compromise happened, it must have happened in a window between a vulnerability disclosure and the moment in time when I patched the issue. I apologize for the mess, will update this thread when I have more info.

    News articles here:

    http://news.softpedia.com/news/vbull...s-513416.shtml

    https://www.troyhunt.com/i-just-adde...-i-been-pwned/

    Please post any questions you have here or email me: support@tetongravity.com

    I'll be verifying file integrity of all the vB scripts today. If the forums are unavailable briefly, it's because of that and not any ongoing attack.

  2. #2
    Join Date
    Apr 2014
    Posts
    257
    I was able to obtain a copy of the data breach. This will affect about 24.3k profiles. It's the first 24.3k people that registered since they seemed to have grabbed it in order as it's in the user table.

    So they are mostly stale accounts with a few old-timers mixed in. I will start sending notifications within the next few days.

    If you were affected by this, you will receive both an email and PM requesting you to update your password. The PM is included in case the email is out of date (which a lot of the old profiles are).

    If you are notified and don't update your password, I'll do it for you in the next couple weeks. This will cause a problem if your email is out of date, and it could lock you out with no way to reset, so please take action if you receive the direct message.

    The password update page is here: https://www.tetongravity.com/community/password

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •