We have reported on breaches that use vulnerabilities in vBulletin. Now, LeakedSource is reporting that a flaw in vBulletin is responsible for the breach of 11 websites that has exposed personal information of 27 million accounts.

Most of the breaches were on gaming sites mostly in association with Russian Internet company and e-mail platform mail.ru. The breaches were made possible using outdated versions of vBulletin using SQL Injection flaws in the Forum Runner add-on.

The researchers said the exploit was SQL injection in the forums software. “Unfortunately we can confirm the existence of a 0day Vbulletin exploit. Expect lots of data to be added to LeakedSource,” according to LeakedSource.

What the hackers gained was usernames, email addresses, phone numbers, IP addresses, birthdays, and phone numbers. Additional domains were also breached including expertlaw.com, ageofconan.com, anarchy-online.com, freeadvice.com, gamesforum.com, longestjourney.com, ppcgeeks.com, and thesecretworld.com.

Source: SCMagazine