Cyber Incident Victim: Vmedia
Date:
Sep 2019
Location:
Canada
Summary
A zero-day vulnerability in vBulletin software impacted an online community platform, resulting in temporary redirection to an external site. The operator took forums offline to investigate and later restored them after applying the vendor's patch. The attack potentially compromised user account information including email addresses, encrypted passwords, birthdays, and location details stored in the database. Some unencrypted user-provided data may also have been exposed. Account modifications made after a mid-year cutoff were lost during restoration, requiring affected users to revert to previous credentials. The incident highlighted risks associated with unpatched forum software and unprotected user data storage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 25, 2019, VMedia experienced a security incident involving their vBulletin message boards due to a zero-day exploit. The attack temporarily redirected community forum visitors to a third-party website. VMedia responded by immediately taking the affected forum offline to investigate the exploit and assess remediation steps. The company maintained the forum’s offline status while reviewing the vulnerability and awaiting an official patch from vBulletin. Following the release of vBulletin’s patch, VMedia implemented the update and restored forum access. The organization disclosed the incident publicly on September 25 via a website notice, though broader media coverage did not emerge until October 31.
The compromise potentially exposed VMedia’s vBulletin database containing community member account information. Impacted data included user email addresses, encrypted passwords, birthdays, and location details provided during forum registration. While stored passwords were encrypted, other user-submitted information remained unencrypted and vulnerable to exposure. VMedia instructed users to update their forum account credentials and email addresses through account settings as a precaution. The incident also resulted in the loss of all user account changes made after June 2019, including password or email updates, requiring affected members to revert to pre-June credentials. The company acknowledged the inconvenience caused and advised users to readjust their account details following the restoration of the forum.