Hacked: Hacking Finance


800,000 Accounts Compromised in Porn Site Brazzers Forum Hack


Introduction

A breach of major porn provider Brazzers’ forum has resulted in the leaking of around 800,000 user accounts.

Although users of the forum itself are the primary victims, reports by security researchers have confirmed that a number of folks who’d never visited the forums may also have been exposed. According to webofworth.com, Brazzers.com is worth over $94 million at the time of writing. A cottage industry also exists for logins to the site, which produces original, premium pornographic content.

The hack appears to have originated from a vulnerability in the site’s forum software, vBulletin. vBulletin is a software package like any other, and requires scheduled maintenance and upgrades. It is also vulnerable to occasional snafus in coding, and it appears the exploit has been used elsewhere as well. It could be said the real story here is a story of failure at system administration. Placing the trust of nearly a million people in a beta version of a forum software package can have its consequences.

According to security research website Security Affairs, at least 27 million other records have been exposed in recent times as a result of vBulletin vulnerabilities. These exposures include millions of users of Grand Theft Auto, a popular reality crime game. Forums are one of the oldest ways to communicate on the internet, predating messaging clients like AOL Instant Messenger, and arguably are the descendants of the original online communities, Bulletin Board Systems (BBSs), which fomented the early Internet even before the birth and expansion of the World Wide Web.

Password

According to researcher Troy Hunt, the problem with vBulletin is in the way it hashes passwords. While their method has improved over the years, forum software often goes neglected, and older versions, which utilized weaker hashing algorithms, are left in operation for years after they have been abandoned by developers. Hunt was able to crack a series of the dumped password hashes using his GPU, the same method which was once used to mine Bitcoin and is still used in a number of other cryptography-based currencies:

I grabbed hashcat (which is now open source, by the way) and then checked out the example hashes page and found vBulletin with the hash modes 2611 and 2711 for the older and newer versions respectively.

Hunt also correctly asserted that a number of commonly used vBulletin hacks are public knowledge, and yet versions of the software which are vulnerable to them persist in the wild. Forum software is like the Windows XP of the web: despite knowing it is dangerous, someone is still using it in production, even after it loses support from the vendor.

Password security is a game of cat and mouse, of course. Methods such as two-factor authentication can greatly reduce the success rate of a password breach, even with the most advanced hardware cracking the passwords. However, even this method has its weaknesses, and hackers have demonstrated and theorized about ways to get around it as well. In the case of vBulletin maintainers, periodic forced resetting of passwords could be helpful, so that hackers may continually be working with outdated versions of the password databases. The providers of vBulletin may do well to reconsider their password hashing methods.

Troy Hunt says that the yield from last year’s Ashley Madison attack was about 77 million times slower to crack because of the method that was used to hash the passwords, bcrypt. Scrypt, a popular hashing algorithm for cryptocurrencies which use Litecoin as their base, is also recommended.
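For a forum operator stuck with a database of the older hashes, one mitigation is to wrap every stored hash in scrypt immediately and then re-hash each password properly at the user's next login. The sketch below is an added example, not vBulletin's or Hunt's code: it assumes the md5(md5(password)+salt) construction that hashcat lists for modes 2611 and 2711, and the record layout, scheme names and scrypt cost parameters are hypothetical.

```python
import hashlib
import hmac
import os

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters; tune per host

def vb_legacy_hash(password: str, salt: str) -> str:
    """Fast legacy scheme: hex md5(md5(password) + salt)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def _scrypt(data: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(data, salt=salt, **SCRYPT)

def migrate_record(rec: dict) -> dict:
    """Offline step: wrap the stored MD5 hash in scrypt; no plaintext needed."""
    salt = os.urandom(16)
    return {"scheme": "scrypt-wrapped-vb", "vb_salt": rec["salt"],
            "salt": salt, "hash": _scrypt(rec["hash"].encode(), salt)}

def verify(password: str, rec: dict) -> bool:
    if rec["scheme"] == "scrypt-wrapped-vb":
        legacy = vb_legacy_hash(password, rec["vb_salt"])
        candidate = _scrypt(legacy.encode(), rec["salt"])
    elif rec["scheme"] == "scrypt":
        candidate = _scrypt(password.encode(), rec["salt"])
    else:
        return False  # bare MD5 records are rejected once migration has run
    return hmac.compare_digest(candidate, rec["hash"])

def login_and_upgrade(password: str, rec: dict):
    """On a successful login, re-hash the plaintext directly with scrypt."""
    if not verify(password, rec):
        return None
    if rec["scheme"] != "scrypt":
        salt = os.urandom(16)
        rec = {"scheme": "scrypt", "salt": salt,
               "hash": _scrypt(password.encode(), salt)}
    return rec

if __name__ == "__main__":
    # Constructed sample row, not data from the breach.
    row = {"scheme": "vb-md5", "salt": "k3#", "hash": vb_legacy_hash("hunter2", "k3#")}
    wrapped = migrate_record(row)
    print(verify("hunter2", wrapped), verify("wrong", wrapped))
    print(login_and_upgrade("hunter2", wrapped)["scheme"])
```

Because the wrapping step needs only the stored hash, it can be run over the whole user table at once, so a later dump no longer contains hashes that are cheap to attack with a GPU.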


P. H. Madore


http://phm.link

P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and is currently nearing the completion of a cryptocurrency exchange in concert with the firm he primarily works for, Vermont Secure Computing Consultancy.

Comments
  • user

    AUTHOR Jess Cridge

    Posted on 10:39 pm September 7, 2016.

    Brazzers porn forum hack user details it’s here
