Vmedia

Vmedia operates an online community platform, functioning as the operator of user forums built on vBulletin software. The service facilitates user registration and interaction, collecting personal information such as email addresses, encrypted passwords, birthdays, and location details. This data is stored within the platform's database, and users also provide additional unencrypted personal information through their participation. The platform serves a community of registered members who engage on the forums, with the operator responsible for maintaining the infrastructure and safeguarding user data. Based in Canada, Vmedia's core activity is the management and provision of this community forum service.

In September 2019, Vmedia's platform was compromised through a zero-day vulnerability in the vBulletin software. The attack resulted in a temporary redirection of the forums to an external site, prompting the operator to take the community offline for investigation. Following the application of the vendor's security patch, the forums were restored. The incident potentially exposed sensitive user information stored in the database, including email addresses, encrypted passwords, birthdays, and location details. Furthermore, any unencrypted personal data voluntarily provided by users in their posts or profiles may have been accessible to the attacker. During the restoration process, account modifications made after a mid-year cutoff date were lost, necessitating that affected users revert to their previous credentials. This event underscored the significant risks associated with failing to promptly apply critical patches to forum software and the dangers of storing user-provided data in an unprotected format. The breach directly impacted user account security and required remedial action to re-secure the platform and inform the membership.