Cyber Incident Victim: Cerulean Studios
Date: Jul 2016
Location: United States of America
Summary
A security breach at Cerulean Studios compromised a retired server hosting legacy blog and forum platforms, exploiting a vulnerability in the vBulletin deployment. Attackers accessed WordPress blog data and marketing databases from the deprecated services containing usernames, email addresses, and salted MD5 password hashes, while the core infrastructure remained isolated and unaffected. The exposed credentials were between 3 and 14 years old, reducing their immediate utility to attackers. Impacted individuals were limited to those with forum or blog registrations, and there was no evidence that passwords for the main service were exposed. The compromised server was permanently decommissioned following discovery.
Description
On July 4, 2016, a security breach occurred involving a single server hosting Trillian's retired blog and forums. The attackers exploited a vulnerability specific to the vBulletin forum software deployment, gaining unauthorized access to the system. This intrusion allowed them to extract data from the WordPress blog installation and several marketing-centric databases containing Trillian usernames and email addresses. The compromised information included salted MD5 hashed passwords for both the WordPress blog and vBulletin forums, though no credentials for the core Trillian messaging service were exposed. The affected systems had been deprecated years prior and maintained solely for archival purposes, with most stolen data ranging from 3 to 14 years old at the time of the breach.

Trillian's security team discovered the incident on July 5, 2016, and immediately took the compromised server offline to facilitate forensic analysis. Investigation revealed that the attackers leveraged the vBulletin vulnerability to pivot to other services on the same machine. The breached databases contained registration details only for users who had specifically created accounts to post blog comments or participate in the forums, and there was no evidence of compromise to Trillian's primary infrastructure, owing to prior network isolation measures. While password hashes were stolen, the company emphasized that these did not include credentials for active Trillian accounts unless users had reused passwords across services. Impacted individuals received email notifications detailing the incident and clarifying the scope of the exposed data. The organization stated that the server would remain permanently decommissioned as part of containment efforts, with ongoing risk limited primarily to password reuse on other platforms.
