Last updated 1 week ago
In July 2016, the Web Hosting Talk forum suffered a data breach that exposed 515,149 user records. The vBulletin-based forum had user data including usernames, email addresses, IP addresses, and salted MD5 password hashes compromised. The breached data was subsequently listed for sale on the dark web. The breach highlights vulnerabilities in forum software and the risks associated with storing user authentication data even in hashed formats.
Data breach of vBulletin-based forum with stolen data subsequently listed for sale
Security controls around forum software configuration and patch management failed. The use of salted MD5 hashes, while better than plain text, represents outdated password storage practices. Recommendations include implementing stronger password hashing algorithms (like bcrypt or Argon2), regular security audits of web applications, monitoring for data leaks on dark web markets, and implementing multi-factor authentication for user accounts.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector