Last updated 1 week ago
In August 2012, The Botting Network, a forum dedicated to making money through botting, suffered a data breach that exposed 96,320 user records. The now-defunct vBulletin-based forum leaked email addresses, usernames, dates of birth, and salted MD5 password hashes. The breach was publicly disclosed through Have I Been Pwned, highlighting the risks associated with outdated forum software and weak password storage practices. The incident underscores the importance of securing user data in online communities, particularly those discussing potentially controversial topics like botting.
Data breach of vBulletin forum
Security controls that failed included inadequate protection of user data in a vBulletin forum and reliance on salted MD5 hashing, which is considered cryptographically weak. Recommendations include using stronger password hashing algorithms (e.g., bcrypt, Argon2), regularly updating forum software to patch vulnerabilities, implementing robust access controls, and monitoring for unauthorized data access. Additionally, forums handling sensitive user information should employ encryption for data at rest and in transit, conduct regular security audits, and educate users on strong password practices.