Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing the personal information of 27 million accounts, according to the breached data monitoring service LeakedSource.

Most of the accounts were accessed associated with gaming websites on the Russian Internet company and e-mail platform The breached websites used outdated versions of the vBulletin software that contained SQL Injection flaws in the Forum Runner add-on.

LeakedSource told PCWorld that four or five attackers exploited a SQL injection vulnerability in vBulletin's forum software. “Unfortunately we can confirm the existence of a 0day Vbulletin exploit. Expect lots of data to be added to LeakedSource,” the monitoring service tweeted last month.

The breached user information included usernames, email addresses, phone numbers, IP addresses, birthdays, and phone numbers. Several other domains were also breached, including,,,,,,, and

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.