
vBulletin Forum Hack: Hackers Are Selling Data of Flirtsexchat Users

Remember CVE-2019-16759, the vBulletin vulnerability which was found to affect hundreds of thousands of internet forums? The bug has been exploited in attacks. What is worse, it was leveraged to steal data from Flirtsexchat.




As the name suggests, Flirtsexchat is a forum where people discuss highly personal topics regarding sex. The data harvested from the sex forum is now being offered on a cybercrime forum where hackers and data collectors can obtain it.

It is important to note that the genuine origin of most of the accounts on such forums is questionable, as there may be plenty of fake accounts created to mislead users. However, this event goes to show how easy it is to “break” the security of a website which features highly sensitive data. Just for reference, some of the topics covered on the Flirtsexchat forum include threads about sex in public, BDSM, etc. Some of the users have also shared their social media handles.

How authentic is the Flirtsexchat user data?

“Motherboard cross-referenced usernames that appear on the site and checked that they matched ones in the database, and also tried to create accounts with email addresses in the database,” Vice said. However, this turned out to be impossible, as the addresses were already in use, which corroborated that the database contains real user data.


More about the CVE-2019-16759 vulnerability

The CVE-2019-16759 flaw could allow an attacker to execute shell commands on the server running the vBulletin installation. It should also be noted that the attacker does not need a registered account on the targeted forum. This is known as a pre-authentication remote code execution flaw, which is considered one of the worst kinds of flaws in web-based platforms.

Tenable researchers were able to analyze and confirm that this exploit works on default configurations of vBulletin. Based on the public proof of concept code, an unauthenticated attacker can send a specially crafted HTTP POST request to a vulnerable vBulletin host and execute commands.

vBulletin is currently the most popular web forum software package. Its market share appears to be larger than that of open-source solutions such as phpBB, XenForo, Simple Machines Forum, etc.

Milena Dimitrova
