Forum data breach?

smartcloud · September 16, 2020, 1:14pm

Got this from my lifelock alerts today.
I dont recall getting a notification about a data breach from Itarian?

What We Found

Activity
Potential Data Exposure

Description
The site forum.itarian.com has been reported in June 2020 to possibly have suffered a data exposure that could include 50,397 records

Exposed Information
info_outline

Email
e**i@smart-mail.net

Additional Exposed Information
info_outline

Username, Password, IP Address-32 Bit

smartcloud · September 22, 2020, 1:04am

Why no response.

eztech · September 23, 2020, 4:12am

No comment from ITarian? That doesn’t look too good…

smartcloud · September 23, 2020, 1:33pm

Yes, this does not look good.
The fact they are not responding is unacceptable.
If they had a breach they are obligated to notify us.
I dont recall even hearing about this.

melih · September 23, 2020, 3:25pm

This is an old news that was already handled and forum alerted in the past. I have no idea why lifelock is doing this now, best to check it with them.

eztech · September 23, 2020, 3:30pm

Thanks. I was worried this was another such incident, so happy to hear otherwise.

smartcloud · September 23, 2020, 3:39pm

I did search the site but couldnt find anything, can you point me to the info.

smartcloud · September 23, 2020, 3:53pm

Thank you for responding.
This stuff is very important for us to know and I could not recall seeing anything about it.

melih · September 23, 2020, 7:09pm

Of course. We follow a responsible disclosure guideline.

Elif · September 25, 2020, 5:54pm

Hello @smartcloud @eztech,

We had this breach back in June, which was immediately handled, thus there was no harm done to any of our users.

The root cause of the problem was about a vulnerability on a specific vBulletin version, and was thus was exploited to exfiltrate some data from the forum. After this happened, we have taken numerous precautions to prevent this in the future. We have moved the forum to a centralized infrastructure which allows us to be aware of vBulletin patches earlier, thus giving us the ability to apply patches almost immediately after they are released.

Last few releases of vBulletin (whether it is about security or not) was applied within 6 hours after they were released.

We also improved the account security on forum.

Some services may pick up these incidents very late, probably Lifelock also has newly alerted for that incident

We are again sorry for the inconvenience and guarantee that your accounts are safe.

Best regards,
Product Management Team

smartcloud · September 25, 2020, 6:06pm

@Elif,
Thank you for that.
Like I said I dont recall seeing anything about it and couldnt find anything when searched the forum.

Its important to know since I want to have an answer if a client brings it up.
looks really bad if I didnt know that the provider of the security company I suggest they look at had a breach.
Always good to prepare for the difficult questions.

Lifelock found my info the dark web.