Thanks to a vBulletin exploit, openSUSE's forum admins are dealing with nearly 80K leaked email addresses. A Pakistani “hacker,” calling themselves H4x0r HuSsY, used a known vBulletin vulnerability to deface the openSUSE forums and compromise databases stored by the site.

“A cracker managed to exploit a vulnerability in the forum software which made it possible to upload files and gave access to the forum database,” explained the announcement on openSUSE.org.

The upside to the attack is that the passwords claimed to have been taken are useless to the aforementioned “hacker.” The openSUSE forums, and all openSUSE logins, use a single-sign-on system from NetIQ. The announcement continued:

“Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords were indeed random, automatically set strings that are in no way connected to your real password. However, some user data is stored in the local database for convenience, in the case of the forum the user email addresses. Those, the hackers had access to, and we’re very sorry for this data leak!”

The openSUSE forums used version 4.2.1 of vBulletin’s software. Last July, the 4.1.x branch of vBulletin was proven vulnerable, and website administrators were urged to upgrade their installations. The disclosed flaws were later linked to a breach at UbuntuForums.org. After that, in November, a vulnerable vBulletin installation on MacRumors.com was compromised, which led to the exposure of 860,000 accounts. The openSUSE forums only have 79,456 members, and the organization’s use of an SSO solution means that the severity of the incident was seriously downgraded.
While bragging about the attack, “H4x0r HuSsY” promised not to release the database dump, because he/she only wanted to expose the security problems on the site. Then again, this pledge was made after it was disclosed that the passwords were worthless, so the main bragging points from the defacement were stripped away.

At the end of the day, proactive security planning by openSUSE administrators and the use of an SSO are the heroes here. Passive attackers will always be around, and they will seek out known vulnerable software and have their fun. In this case, it was a forum defacement and a partially mitigated data leak. But it could have been worse.

The openSUSE forums are offline, and will remain so until the Linux distributor addresses the vulnerability. Best guess, they’ll upgrade to the 4.2.2 branch.