In September, VMedia notified members of a vBulletin 0day
Today I learned from one of my readers that VMedia had a breach that they had disclosed back on September 25, but it apparently wasn’t picked up by media outlets until October 31. The following is the notice from their website. The media coverage is in French.
On September 25, 2019, vBulletin message boards experienced a zero-day attack, which resulted in our community being redirected to a third-party website temporarily.
Subsequently, we promptly took our community forum offline, as we reviewed this exploit and considered next steps.
vBulletin has since published an official patch, which we have implemented, and our forum is back online and available once again.
We consider the privacy and security of our customers paramount, and want to be transparent and forthcoming with regard to which data may have been compromised as a result of this exploit.
It is possible that our vBulletin database was compromised, which includes the account information of our community members.
Specifically, user email addresses, passwords, birthdays, and location details may have been vulnerable. While vBulletin encrypts stored user passwords, other user-entered information is not encrypted, and may have been compromised in this attack.
We would strongly recommend updating the email address and password used to access our community forum in your account settings.
Additionally, any user account changes made after June 2019 (password, email) have been lost, and accounts have been returned to their previous state. If you updated your email or password after June 2019, please log in using your former credentials and consider adjustments accordingly.
We apologize for the inconvenience and thank you for your patience and understanding.