VBulletin

In November 2015 the forum software provider vBulletin suffered a major security breach. An attacker exploited a zero-day vulnerability to gain unauthorized access to the company systems. This incident resulted in the compromise of both the vBulletin community forum and the customer support site. The exposed data included internal credentials and sensitive customer details. Technical analysis revealed that the breach was facilitated by a flaw in the software itself which allowed remote command execution. The leaked database contained md5 hashed passwords along with security questions and answers which significantly increased the risk for affected users who reused credentials across multiple platforms.