Famous hacker broke into forums for sex workers through a vulnerability in vBulletin

Bulgarian hacker InstaKilla continues to attack poorly protected forums. This time, through a vulnerability in vBulletin, he broke into 2 forums for sex workers.

The hacker known as InstaKilla is the same person who published the data of the National Revenue Agency of Bulgaria (NRA) online in July, although he was responsible only for the Internet leak, not for the actual hack. Even earlier, he compromised the official Comodo forums.

This time the compromised forums were EscortForumIt [.] Xxx and Hookers [.] Nl, Italian and Dutch resources for sex workers (prostitution is legalized in these countries).

“Both forums were running legacy vBulletin versions and the latest vulnerability CVE-2019-16759 was used for attacks,” InstaKilla told ZDNet reporters.

Recall that the vulnerability CVE-2019-16759 was discovered and fixed in the forum engine at the end of September this year.

InstaKilla is now selling the stolen data on a publicly accessible hacker forum, along with information stolen from other vBulletin-based forums. The dumps included usernames, IP addresses, email addresses and password hashes (33,000 entries from the Italian forum and 300,000 entries from the Dutch forum).


According to ZDNet, on the Dutch forum the hacker seems to have gained access to information from the internal paid subscription system, although financial data were not included in the sample received by the publication.

After the sale, the stolen information is likely to be used for blackmail.

“While this data is being sold now, this type of information usually finds its way into the public domain at one point or another. When that happens, users with accounts on the three adult-themed sites will be vulnerable to blackmail attempts. This is not a hypothetical scenario,” write ZDNet journalists.

This has already happened: just remember the 2015 hack of Ashley Madison, the “site for betrayal”, and its consequences.

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
