There's a seemingly endless flood of data breaches these days. Pretty much every day I get sent dumps from somewhere or other, usually websites I've never heard of and often dating back to compromises from years ago. They vary in size from thousands of accounts to many millions - and this is just the ones I've looked at. In short, there's way more data than I have time to process.
Occasionally though, an incident floats to the top of the others which is what's happened over the last few days. There was news just recently of a large number of vBulletin forums having been compromised by an actor known as "CrimeAgency" and the data consequently circulating. I had, in fact, been sent this data and the main reason I hadn't processed it was due to the large number of small incidents it contained. There were 140 databases in total, the largest of which totalled a "mere" 43k accounts. But added up, we're looking at just under one million unique email addresses or 942k to be precise. Given that scale, I've decided to load them all in at once and categorise them as a single incident.
Now here's the tricky bit: I can't point to which breach each account was found in. I've loaded the data into HIBP and titled it "CrimeAgency vBulletin Hacks" but finding your email address in there won't tell you specifically which incident it belongs to. What I've decided to do in order to provide at least some support to those trying to work out where their data was exposed is list all the sites below. This is each file listed in descending size followed by the number of unique email addresses found in it. It's actually the output of one of my parsing scripts so this is precisely what I see when I begin processing a multi-file breach like this:
1: Reading file "yojoe.com-vb-2017.txt" at 3,814kb Found 43,134 distinct emails 2: Reading file "sgcafe.com-vb-2017.txt" at 3,479kb Found 34,201 distinct emails 3: Reading file "techimo.com-vb-2017.txt" at 3,350kb Found 46,736 distinct emails 4: Reading file "porno-maniac.org-vb-2017.txt" at 3,285kb Found 33,770 distinct emails 5: Reading file "forum.jdmstyletuning.com-vb-2017.txt" at 3,055kb Found 34,994 distinct emails 6: Reading file "sedona.com-vb-2017.txt" at 2,951kb Found 32,577 distinct emails 7: Reading file "aussievapers.com-vb-2017.txt" at 2,813kb Found 28,907 distinct emails 8: Reading file "torrent-invites.com-vb-2017.txt" at 2,766kb Found 39,636 distinct emails 9: Reading file "ewebdiscussion.com-vb-2017.txt" at 2,734kb Found 25,662 distinct emails 10: Reading file "forums.bandainamcogames.com-vb-2017.txt" at 2,688kb Found 28,311 distinct emails 11: Reading file "spurstalk.com-vb-2017.txt" at 2,650kb Found 24,416 distinct emails 12: Reading file "texasguntalk.com-vb-2017.txt" at 2,605kb Found 29,476 distinct emails 13: Reading file "gamesforum.com-vb-2017.txt" at 2,346kb Found 33,391 distinct emails 14: Reading file "teens-xxx.org.txt" at 2,240kb Found 12,478 distinct emails 15: Reading file "vapersforum.com-vb-2017.txt" at 2,206kb Found 29,386 distinct emails 16: Reading file "divxup.com-vb-2017.txt" at 2,121kb Found 29,066 distinct emails 17: Reading file "tetongravity.com-vb-2017.txt" at 2,030kb Found 24,599 distinct emails 18: Reading file "marijuanagrowing.com-vb-2017.sql" at 1,936kb Found 17,450 distinct emails 19: Reading file "elluel.net-vb-2017.txt" at 1,578kb Found 16,950 distinct emails 20: Reading file "free-dc.org-vb-2017.txt" at 1,400kb Found 17,330 distinct emails 21: Reading file "community.playkot.com-vb-2017.txt" at 1,378kb Found 14,109 distinct emails 22: Reading file "forums.cashisonline.com-vb-2017.txt" at 1,242kb Found 12,515 distinct emails 23: Reading file "psychonaut.com-vb-2017.txt" at 1,228kb Found 14,076 distinct emails 24: Reading file "forums.mra-racing.org-vb-2017.txt" at 1,173kb Found 14,619 distinct emails 25: Reading file "forums.augi.com-vb-2017.txt" at 1,148kb Found 14,384 distinct emails 26: Reading file "forum.epygi.com-vb-2017.txt" at 1,065kb Found 13,826 distinct emails 27: Reading file "safeskyhacks.com-vb-2017.txt" at 940kb Found 9,815 distinct emails 28: Reading file "fpvlab-vb-2017.com.txt" at 915kb Found 9,845 distinct emails 29: Reading file "xboxforum.com-vb-2017.txt" at 898kb Found 11,112 distinct emails 30: Reading file "forums.kingsoftherealm.com-vb-2017.txt" at 866kb Found 3,008 distinct emails 31: Reading file "rangevideo.com-vb-2017.txt" at 856kb Found 9,520 distinct emails 32: Reading file "maiestas.org-vb-2017.txt" at 855kb Found 8,434 distinct emails 33: Reading file "joyheat.com-vb-2017.txt" at 785kb Found 8,391 distinct emails 34: Reading file "wiiuforums.com-vb-2017.txt" at 779kb Found 7,306 distinct emails 35: Reading file "mernetwork.com-vb-2017.txt" at 764kb Found 7,861 distinct emails 36: Reading file "breezesysforum.co.uk-vb-2017.txt" at 759kb Found 8,323 distinct emails 37: Reading file "pixelentity.com-vb-2017.txt" at 755kb Found 8,152 distinct emails 38: Reading file "gossamerblue.com-vb-2017.txt" at 707kb Found 6,747 distinct emails 39: Reading file "leakninja.com-100k-vb-jan-2017-full.txt" at 678kb Found 7,241 distinct emails 40: Reading file "italianhax.com-vb-2017.txt" at 672kb Found 7,217 distinct emails 41: Reading file "forums.zarafa.com-vb-2017.txt" at 660kb Found 7,849 distinct emails 42: Reading file "kirupa.com-vb-2017-jan-dump.txt" at 618kb Found 8,967 distinct emails 43: Reading file "united-muscle.com-vb-2017.txt" at 551kb Found 5,651 distinct emails 44: Reading file "koboxingforum.com-vb-2017.txt" at 530kb Found 5,894 distinct emails 45: Reading file "canwatchco.ca-vb-2017.txt" at 511kb Found 5,514 distinct emails 46: Reading file "hindudharmaforums.com-vb-2017.txt" at 508kb Found 6,685 distinct emails 47: Reading file "reasonforums.com-vb-2017.txt" at 506kb Found 5,410 distinct emails 48: Reading file "bleachmyasylum.com-vb-2017.txt" at 472kb Found 4,977 distinct emails 49: Reading file "righttorebel.net-vb-2017.txt" at 469kb Found 5,063 distinct emails 50: Reading file "swgreckoning.com-vb-2017.txt" at 453kb Found 4,900 distinct emails 51: Reading file "progressiveears.org-vb-2017.txt" at 449kb Found 4,767 distinct emails 52: Reading file "barcaforum.com-vb-2017.txt" at 441kb Found 4,739 distinct emails 53: Reading file "calltermination.com-vb-2017.txt" at 440kb Found 4,184 distinct emails 54: Reading file "forum.atlasti.com-vb-2017.txt" at 406kb Found 4,891 distinct emails 55: Reading file "burningwheel.com-vb-2017.txt" at 402kb Found 4,631 distinct emails 56: Reading file "pr-rp.com-vb-2017.txt" at 402kb Found 3,653 distinct emails 57: Reading file "community.freebord.com-vb-2017.txt" at 398kb Found 4,557 distinct emails 58: Reading file "tequila.net-vb-2017.txt" at 373kb Found 4,472 distinct emails 59: Reading file "birdphotographers.net-vb-2017.txt" at 367kb Found 3,917 distinct emails 60: Reading file "vrtalk.com-vb-2017.txt" at 341kb Found 3,610 distinct emails 61: Reading file "mtsboard.com-vb-2017.txt" at 327kb Found 3,473 distinct emails 62: Reading file "gaijingamers.com-vb-2017.txt" at 322kb Found 3,396 distinct emails 63: Reading file "va-outdoors.com-vb-2017.txt" at 314kb Found 3,513 distinct emails 64: Reading file "systemtools.com-vb-admin-only-2017.txt" at 300kb Found 4,058 distinct emails 65: Reading file "nflfans.com-vb-2017.txt" at 289kb Found 3,985 distinct emails 66: Reading file "riseofchampions.com-vb-2017-dump.txt" at 286kb Found 3,005 distinct emails 67: Reading file "ps4forums.com-vb-2017.txt" at 280kb Found 2,562 distinct emails 68: Reading file "new-smoke.com-vb-2017.txt" at 268kb Found 2,856 distinct emails 69: Reading file "zonehacks.com-vb-2017.txt" at 259kb Found 2,642 distinct emails 70: Reading file "smallworlds.com-vb-2017.txt" at 251kb Found 2,532 distinct emails 71: Reading file "roaddevils.com-vb-2017.txt" at 242kb Found 2,460 distinct emails 72: Reading file "clan-gameover.com-vb-2017.txt" at 239kb Found 2,516 distinct emails 73: Reading file "smallblockposse.com-vb-2017.txt" at 239kb Found 2,521 distinct emails 74: Reading file "wildraiderz.com-vb-2017.txt" at 236kb Found 2,522 distinct emails 75: Reading file "forum.rompvp.com-vb-2017.txt" at 200kb Found 2,174 distinct emails 76: Reading file "downloadpolitics.com-vb-2017.txt" at 190kb Found 1,746 distinct emails 77: Reading file "pascalgamedevelopment.com-vb-2017.txt" at 177kb Found 2,431 distinct emails 78: Reading file "pixelgoose.com-vb-2017.txt" at 169kb Found 1,750 distinct emails 79: Reading file "darkmills.cc-vb-2017.txt" at 154kb Found 1,564 distinct emails 80: Reading file "forums.supertrapp.com-vb-2017.txt" at 149kb Found 2,060 distinct emails 81: Reading file "scenesat.com-vb-2017.txt" at 148kb Found 1,769 distinct emails 82: Reading file "board.uscho.com-vb-2017.txt" at 142kb Found 1,805 distinct emails 83: Reading file "eirtakon.com-vb-2017.txt" at 136kb Found 1,691 distinct emails 84: Reading file "aosts.net-vb-2017.txt" at 130kb Found 1,310 distinct emails 85: Reading file "ftxgames.com-vb-2017.txt" at 126kb Found 1,304 distinct emails 86: Reading file "nsxprime.com-vb-2017.txt" at 121kb Found 1,743 distinct emails 87: Reading file "foilforum.com-vb-2017-dump.txt" at 121kb Found 1,365 distinct emails 88: Reading file "darkstar-gaming.com-vb-2017'.txt" at 117kb Found 1,278 distinct emails 89: Reading file "backcountrytalk.earnyourturns.com-vb-2017.txt" at 112kb Found 1,213 distinct emails 90: Reading file "devil-group.com.txt" at 111kb Found 1,113 distinct emails 91: Reading file "bdsmfap.com-vb-2017.txt" at 110kb Found 1,182 distinct emails 92: Reading file "greenstandardsltd_companypasses.csv" at 103kb Found 0 distinct emails 93: Reading file "filmleaf.net-vb-2017.txt" at 101kb Found 410 distinct emails 94: Reading file "sledderforums.com-vb-2017.txt" at 99kb Found 1,000 distinct emails 95: Reading file "bluepearl-skins.com-vb-2017.txt" at 93kb Found 949 distinct emails 96: Reading file "forums.superbetter.com-vb-2017.txt" at 93kb Found 997 distinct emails 97: Reading file "forum.pitofwar.com-vb-2017.txt" at 85kb Found 905 distinct emails 98: Reading file "simplelivingforum.net-vb-2017.txt" at 69kb Found 595 distinct emails 99: Reading file "xsyon.com-mmorpg-vb-2017.txt" at 68kb Found 989 distinct emails 100: Reading file "tropicalflowersforums.com-vb-2017-dump.txt" at 65kb Found 938 distinct emails 101: Reading file "atheistfoundation.org.au-vb-2017.txt" at 65kb Found 872 distinct emails 102: Reading file "edmlife.com-vb-2017.txt" at 59kb Found 633 distinct emails 103: Reading file "campgroundmaster.com-vb-2017.txt" at 57kb Found 641 distinct emails 104: Reading file "fishingboard.net-vb-2017-dump.txt" at 56kb Found 699 distinct emails 105: Reading file "supermensa.org-vb-2017.txt" at 54kb Found 554 distinct emails 106: Reading file "gonegambling.com-vb-2017-dump.txt" at 53kb Found 546 distinct emails 107: Reading file "pathfinder-airsoft.com-vb-2017.txt" at 52kb Found 537 distinct emails 108: Reading file "doublefinish.com-vb-2017.txt" at 49kb Found 511 distinct emails 109: Reading file "pashnit.com-vb-2017.txt" at 45kb Found 640 distinct emails 110: Reading file "forum.zenstudios.com-vb-2017.txt" at 39kb Found 543 distinct emails 111: Reading file "bluepark.co.uk-vb-2017.txt" at 36kb Found 376 distinct emails 112: Reading file "ulfencing.net-vb-dump-2017.txt" at 36kb Found 508 distinct emails 113: Reading file "hawkeshealth.net-vb-2017.txt" at 34kb Found 361 distinct emails 114: Reading file "ridetherock.com-vb-2017.txt" at 33kb Found 360 distinct emails 115: Reading file "thehousebreakingbible.com-vb-2017-.txt" at 25kb Found 362 distinct emails 116: Reading file "onlinenutrition.com.au-vb-2017.txt" at 25kb Found 232 distinct emails 117: Reading file "forums.prowrestling.com-vb-2017.txt" at 24kb Found 335 distinct emails 118: Reading file "narc.net-vb-2017.txt" at 23kb Found 255 distinct emails 119: Reading file "koboxingforum.comcrackedPW.txt" at 23kb Found 0 distinct emails 120: Reading file "callofduty-community.com-vb-2017.txt" at 19kb Found 193 distinct emails 121: Reading file "sectionseven.net-vb-2017.txt" at 18kb Found 194 distinct emails 122: Reading file "teamwarfare.com-vb-2017.txt" at 17kb Found 143 distinct emails 123: Reading file "clubdbsa.org-vb-2017.txt" at 16kb Found 193 distinct emails 124: Reading file "thefobl.com-vb-2017.txt" at 11kb Found 138 distinct emails 125: Reading file "mixbizz.com-vb-2017.txt" at 9kb Found 90 distinct emails 126: Reading file "blaze-gaming.net-vb-2017.txt" at 6kb Found 59 distinct emails 127: Reading file "ludoria.net-vb-2017.txt" at 6kb Found 60 distinct emails 128: Reading file "tupacfanbase.com-vb-2017.txt" at 5kb Found 53 distinct emails 129: Reading file "thewalkingdeadgaming.co.uk-vb-2017.txt" at 4kb Found 36 distinct emails 130: Reading file "nifgaming.eu-vb-2017.txt" at 3kb Found 40 distinct emails 131: Reading file "vill.ee-vb-2017-dump.txt" at 3kb Found 50 distinct emails 132: Reading file "forum.diversitynursing.com-vb-2017.txt" at 3kb Found 27 distinct emails 133: Reading file "the420room.com-vb-2017.txt" at 2kb Found 21 distinct emails 134: Reading file "aippm.com-vb-2017.txt" at 1kb Found 21 distinct emails 135: Reading file "theairtacticalassaultgroup.com-forum-vb-2017.txt" at 1kb Found 12 distinct emails 136: Reading file "2ndfloor.org-vb-2017-forums.txt" at 1kb Found 11 distinct emails 137: Reading file "gtsportstalk.com-vb-2017.txt" at 1kb Found 4 distinct emails 138: Reading file "forums.creative.com.sql" at 1kb Found 5 distinct emails 139: Reading file "vigilantgaming.net-vb-2017.txt" at 1kb Found 6 distinct emails 140: Reading file "blacklistedsociety.com-vb-2017.txt" at 1kb Found 5 distinct emails Total distinct emails: 942,044
Most of these contain usernames, email addresses and hashed and salted MD5 passwords. When you glance through this list, you may notice that some of the sites are, well, more orientated towards "discerning adults". Consequently, I've flagged this breach as sensitive so it can't be publicly searched. Use the free notification service and click the link sent in the verification email to see if your account was exposed.
Last thing I'll add to this - stop self-hosting vBulletin! Seriously, pay professionals to do it and that goes for other managed platforms too. You're reading this on a blog served by Ghost Pro and I very happily pay those guys to do it properly for me. The 140 databases above and the dozens of other similar ones in HIBP are from people trying to do this themselves and simply not staying up to date with patches. Don't risk it!