ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

CrimeAgency vBulletin Hacks Data Breach

Limited exposure
Verified breach Sensitive Passwords exposed
Accounts exposed 942,044
Breach date 19 Jan 2017
Added to tracker 21 Mar 2017
Data classes 3

What happened

In January 2016, a large number of unpatched vBulletin forums were compromised by an actor known as "CrimeAgency". A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed. Refer to the complete list of the forums for further information on which sites were impacted.

Exposed data

Email addresses Passwords Usernames

Recommended actions

  • Change your CrimeAgency vBulletin Hacks password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing CrimeAgency vBulletin Hacks โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP