Outdated vBulletin forum software is being blamed for the breach of a Grand Theft Auto fan forum called GTAGaming. It marks the second time in two days a gaming forum has been targeted by hackers and that a SQL injection vulnerability is believed to have been exploited.
The fan website notified users Tuesday of a database breach in which email addresses, hashed passwords and other profile data was accessed. GTAGaming also said the forum would be shut down and migrated.
“We have now closed the forums permanently. We will be moving the account database into a more secure authentication system, removing all trace of the vBulletin forum software, and until then will be keeping a close eye to prevent any further compromises,” GTAGaming wrote.
Troy Hunt, who runs the data breach repository HaveIBeenPwned.com, noted on Twitter that he estimates data for 197,000 GTAGaming forum users was exposed in the hack. Upon further analysis, Hunt tweeted, 57 percent of the breached email addresses were already involved in other breaches recorded in his HaveIBeenPwned database.
New breach: The GTAGaming forum had 197k user accounts hacked this month. 57% were already in @haveibeenpwned https://t.co/hv1u9SEsMR
— Have I been pwned? (@haveibeenpwned) August 23, 2016
Hunt’s research into the GTAGaming forum revealed the site was running on an old version of vBulletin software (3.8.7) launched in 2004. “When GTAGaming was hacked, they were two major releases behind the current generation, and four and a half years behind in their patches for the major version they were running. And this is the real story with vBulletin – installations going unloved,” wrote Hunt in a blog post Wednesday.
“When you look at the history of vBulletin sites being hacked, it’s rarely 0-day vulnerabilities so we’re usually not looking at an attack and saying ‘Wow, we’ve never seen that before!’ Of course this does sometimes happen but vBulletin issues patches, people take them then we all move on. In theory,” Hunt wrote.
Vulnerable vBulletin software was also blamed for Monday’s Epic Games forum hack, in which 800,000 email addresses were exposed along with a smaller number of passwords.
Over the past two months, gaming forums Defense of the Ancients 2 and Disney Playdom have also been hacked. Disney used the vBulletin software and it’s believed the hackers exploited a SQL injection vulnerability in that case.
Ryan O’Leary, vice president of WhiteHat Security’s Threat Research Center, said that SQL injection vulnerabilities are still common web-based vulnerabilities. “SQL injection is a nasty vulnerability that leads to breaches in databases that enable hackers to dump and see everything in there,” he told Threatpost.
WhiteHat Security estimates that 5 percent to 10 percent of sites on the internet suffer from a SQL injection vulnerability. “It’s pretty scary to think five of the 100 past sites you’ve visited could be dumping your data.”
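The database-dump outcome O’Leary describes comes from one coding pattern: untrusted input spliced into the text of a SQL statement, so the database parses it as part of the query. The following is an added illustration, not code from the article, vBulletin or GTAGaming; it uses a constructed in-memory SQLite table with placeholder hashes and shows the vulnerable concatenating lookup beside the parameterized form that treats the same input strictly as data. It also shows that a perfectly legitimate name containing an apostrophe breaks the concatenating version, which is why unexplained SQL syntax errors in application logs are a cheap early warning that input is reaching query text.

```python
import sqlite3


def make_db():
    """Constructed stand-in for a forum's account table (not any real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "<hash placeholder>"), ("bob", "<hash placeholder>")],
    )
    conn.commit()
    return conn


def find_user_concat(conn, username):
    """Vulnerable pattern: the caller's string becomes part of the SQL text,
    so the database parser sees whatever the string contains as syntax."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_param(conn, username):
    """Hardened pattern: a bound parameter is sent separately from the
    statement and is always treated as a literal value, never as syntax."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def concat_query_raises(conn, username):
    """True when the concatenating version cannot even parse the input.
    A legitimate name such as O'Leary triggers this; a burst of such SQL
    syntax errors in application logs is a signal worth alerting on."""
    try:
        find_user_concat(conn, username)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    # Both forms agree on ordinary input.
    print(find_user_concat(db, "alice"), find_user_param(db, "alice"))
    # The hardened form looks up the literal string and finds nothing,
    # whereas the concatenating form has its WHERE clause rewritten.
    odd_input = "x' OR 'a'='a"
    print(find_user_concat(db, odd_input), find_user_param(db, odd_input))
    # A real apostrophe in a name breaks only the concatenating form.
    print(concat_query_raises(db, "O'Leary"), find_user_param(db, "O'Leary"))
```

The parameterized version needs no escaping logic of its own; the driver keeps the value out of the statement text entirely, which is the property that removes this vulnerability class regardless of what characters the input contains.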
vBulletin Software did not return requests for comment in time for publication. GTAGaming also did not respond to requests for comment.
In the interim, GTAGaming has triggered a password reset for all users who log into the forum. The site is also urging its users to change the passwords on any other accounts that share the same login details.