CrimeAgency

In January 2016 a significant security breach occurred when a threat actor known as CrimeAgency successfully compromised approximately 140 different vBulletin discussion forums. The incident involved the exploitation of vulnerabilities within the vBulletin software which allowed the attacker to extract sensitive user information from multiple databases simultaneously. The leaked data was subsequently distributed across various underground hacking communities. The breach exposed millions of user credentials including salted MD5 password hashes which were common for that version of the forum software at the time.