Announcement

Collapse
No announcement yet.

Did our email addresses get compromised in the vBulletin board hack?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Did our email addresses get compromised in the vBulletin board hack?

    I just got a phishing/extortion email on the address that I use here on the Forum. I have multiple email addresses and have them set up on my own domain through my hosting company. I know exactly where each email address is used. I just reviewed the list of places where I use the address I have in my Organ Forum profile and this is the only "public" site on that list.

    When the vBulletin software was hacked, did our email addresses get compromised?
    Larry is my name; Allen is an organ brand name.

    Main: Allen RMWTHEA.3 with Rocky Mount Electra-Piano, Allen 423-C + Gyro cabinet, Britson Opus OEM38, Saville Series IV Opus 209, Steinway AR Duo-Art, Mills Violano Virtuoso with MIDI
    Lower Level: Hammond 9812H with roll player, Gulbransen Rialto, Roland E-200, Vintage Moog
    Shop: Mason&Hamlin AR Ampico piano, Allen ADC-5300-D with 18 speakers and MIDI, 4 Allen theater organ tone cabinets (including 3 Gyros, but don't call me Gyro Gearloose!).

    #2
    Maybe.

    On the one hand, although files containing malware were found on site, the hack was unsuccessful in that it crashed the site, diminishing the likelihood that data could be extracted. Further, the database containing Forum member email addresses is on a completely different server than the website with its own set of credentials and there's no evidence that the database was compromised. Finally, I discovered the hack within four hours of its occurrence, so the window of vulnerability was small.

    On the other hand, the exploit simply opened a backdoor to the site that permitted hackers to install and run malicious software.. The exploit itself contained no malware, so there is no single set consequences or damages applicable to all hacked sites as that depends on malware installed by each individual hacker. This makes it impossible to reach a conclusion as to what data, if any, was compromised.

    I suspect that if the intent of the Organ Forum's hacker was to extort members via their email addresses, then we all would have received such emails when you did. I've seen no indication of this nor has their been report of such activities on the vBulletin support forum. Only if you've never received any spam or legitimate correspondence on that address can you possibly conclude that your email address was compromised by the exploit.
    -Admin

    Allen 965
    Zuma Group Midi Keyboard Encoder
    Zuma Group DM Midi Stop Controller
    Hauptwerk 4.2

    Comment


      #3
      Thank you for your explanation. I put this out there in case anyone else has seen such an email. The address I use on here is tightly controlled and does not have public visibility on the web. Since I set up this address I've never had a single spam message, and that is true of all of my addresses with one exception - the one I used for e-commerce. I've since deleted that address from the email host server.
      Larry is my name; Allen is an organ brand name.

      Main: Allen RMWTHEA.3 with Rocky Mount Electra-Piano, Allen 423-C + Gyro cabinet, Britson Opus OEM38, Saville Series IV Opus 209, Steinway AR Duo-Art, Mills Violano Virtuoso with MIDI
      Lower Level: Hammond 9812H with roll player, Gulbransen Rialto, Roland E-200, Vintage Moog
      Shop: Mason&Hamlin AR Ampico piano, Allen ADC-5300-D with 18 speakers and MIDI, 4 Allen theater organ tone cabinets (including 3 Gyros, but don't call me Gyro Gearloose!).

      Comment

      Working...
      X