Cyber Incident Victim: MyBB
Date: Jan 2015
Location: United States of America
Summary
A hacker compromised a staff member's accounts, leading to unauthorized access to the organization's Twitter profile and GitHub repository. The attacker posted offensive content, staff IP addresses, and installation statistics via Twitter, while falsely claiming possession of unpatched SQL injection and XSS vulnerabilities. The breach occurred due to a plaintext Twitter password stored in a forum thread and reused credentials for GitHub without two-factor authentication. The targeted staff account lacked administrative privileges, preventing access to user data or sensitive systems. MyBB regained control after isolating the breach within hours and collaborating with Twitter to recover the hijacked account. The exposed GitHub material contained only initial framework code, not the actual unreleased software under development.
Description
The MyBB incident began in late January 2015 when an unauthorized actor compromised a staff member’s community forum account and personal website. This breach enabled access to MyBB’s official Twitter account, as the attacker discovered the account’s plaintext password stored in a forum thread. The hijacker used the Twitter account to disseminate offensive content, internal staff IP addresses, and installation statistics for the forum software. They additionally claimed possession of information regarding unpatched SQL injection and cross-site scripting vulnerabilities in MyBB’s codebase. MyBB’s security team detected the intrusion and within two hours isolated the breach by banning the compromised staff account, preventing further unauthorized access to private data. Investigation confirmed the affected staff member lacked administrative privileges to the Admin Control Panel, ruling out exposure of user data. The attacker altered the Twitter account’s password and associated email address to obstruct recovery, necessitating intervention by Twitter’s support team to restore access after the platform locked the account during its investigation.

Several days after the initial breach, an individual posted screenshots purportedly showing MyBB 2.0’s GitHub repository on a forum, offering the source code for sale in exchange for Bitcoin. Forensic analysis revealed the compromised staff member had reused passwords across GitHub and other services without enabling two-factor authentication. MyBB clarified the GitHub account contained only an initial Laravel framework commit, with no substantive MyBB 2.0 code present, as the software remained in pre-alpha development. The organization confirmed no evidence suggested broader data compromise beyond the Twitter and GitHub incidents. In its disclosures responding to the incident, MyBB highlighted existing security protocols, including mandatory secret PINs for Admin Control Panel access, two-factor authentication on staff email and GitHub accounts, and rapid patch deployment for critical vulnerabilities. The incident underscored operational risks from password reuse and inadequate credential storage but did not compromise user information or core intellectual property.
