Famous hacker through vulnerability in vBulletin crushed into forums for sex workers

Bulgarian hacker InstaKilla continues to attack poorly protected forums. This time, through a vulnerability in vBulletin, he crushed into 2 forums for sex workers.

The hacker known as InstaKilla is the same person who published the data of the National Revenue Agency of Bulgaria (NRA) online in July – although he was not responsible for the actual hacking, but only for an Internet leak. Even earlier, he who compromised the official Comodo forums.

This time the forums EscortForumIt [.] Xxx and Hookers [.] Nl – Italian and Dutch resources for sex workers (in these countries prostitution is legalized) were compromised.

“Both forums were running legacy vBulletin versions and the latest vulnerability CVE-2019-16759 was used for attacks”, – told InstaKilla ZDNet reporters.

Recall that the vulnerability CVE-2019-16759 was discovered and fixed in the forum engine at the end of September this year.

InstaKilla now sells stolen data on a publicly accessible hacker forum, along with information stolen from other vBulletin-based forums. Dumps included usernames, IP addresses, email addresses and password hashes (33,000 entries from the Italian and 300,000 entries from the Dutch forum).

Read also: Researchers found that employees’ errors are the main cause of cybersecurity incidents and problems

According to ZDNet, at the Dutch forum, the hacker seems to have gained access to the information of the internal paid subscription system, although financial data were not included in the sample received by the publication.

After the sale, the stolen information is likely to be used for blackmail.

“While this data is being sold now, this type of information usually finds its way into the public domain at one point or another. When that happens, users with accounts on the three adult-themed sites will be vulnerable to blackmail attempts. This is not a hypothetical scenario”, — write ZDNet journalists.