The major vBulletin flaw has hit a prominent cybersecurity player, resulting in a hacked forum and hundreds of thousands of compromised user accounts.
The company in question is Comodo, and its forum was hacked four days after the patch for the vulnerability was made public.
The flaw itself is allegedly very easy to exploit, and it allows the hacker to execute malicious code on a vulnerable forum. In this particular case, it was used to dump the database.
Announcing the breach (on the forum itself, of all places), Comodo said that whoever was behind the attack took usernames, names and email addresses, as well as the last IP address that the victim used to access the forum. Hackers also managed to steal some social media handles and usernames.
Comodo has roughly 245,000 registered users.
Now, hacking a forum isn't the most dangerous of breaches, but given that people often use the same passwords across a multitude of services, a Comodo forum breach could cost someone dearly on a different service altogether.
“An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database,” Comodo said.
“As a precautionary measure we recommend that forum users should immediately change their passwords and exercise good password practices such as strong random passwords and not share your passwords across different Internet accounts. The account passwords were encrypted in vBulletin for the Comodo Forum users, but a password change is recommended as part of good password practices,” Comodo said, before adding that it “deeply regrets” any inconvenience or distress caused.