Quote Originally Posted by wayninja
Ok, I have no idea why that screams bruteforce. Bruteforce is really messy, leaves a really obvious trail, is extremely inefficient, and is fairly easily protected against. But I don't really know, so I won't argue either.

It's just as likely that the password was intercepted because no encryption.
Well, it being intercepted due to lack of https is quite a ways down on the likely scenarios of what happened. For that to occur, the hacker has to have a sniffer somewhere between the user's machine and the server. Possible, but not likely unless the user's machine or the data center/server have been compromised.

Many more likely scenarios, such as a vB vulnerability. The same username/password being used on other sites, which have been hacked and that username/password is out on dark sites.

Hopefully, this will be a one-off event. In the meantime, I've already reached out to vB and am looking at the various add-ons, like the High Five system, to see if any of them now have a known vulnerability. Since this guy seems to be targeting vBulletin sites, it means there might be a vulnerability in vB that hasn't been discovered yet.

This is one of the reasons, while a pain in the butt, that it's best to always use a unique password for every site that you are on. So, if Sony's username/password list is hacked and you have a Sony account, it can't be used to get into your Amazon or Bank of America accounts.
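Added example, not posted by anyone in this thread: the point made earlier that brute force "leaves a really obvious trail" is easy to see from the server side. This script parses a few constructed auth log lines (the line format, the usernames and the IP addresses are all made up for the example, not vBulletin's own log format) and flags any source IP with a burst of failed logins within a short window, which is the kind of trail an admin would look for after an incident like this one.

```python
"""Flag brute-force-style bursts of failed logins in an auth log.

Added example for illustration; the log format below is a constructed
one (hypothetical), not the format of vBulletin or any other product.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one account hammered from a single IP, plus two
# ordinary entries so the normal traffic is not flagged.
SAMPLE_LOG = """\
2024-01-01 10:00:01 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:02 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:02 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:03 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:04 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:05 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:07 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:09 login FAIL user=alice ip=203.0.113.5
2024-01-01 10:00:15 login OK user=bob ip=198.51.100.7
2024-01-01 10:01:30 login FAIL user=carol ip=198.51.100.9
"""

# One line of the hypothetical format: "<date> <time> login OK|FAIL user=<u> ip=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) login (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def find_bursts(log_text, window_seconds=60, threshold=5):
    """Map source IP -> largest number of FAILs seen inside any window.

    Only IPs whose best window reaches `threshold` are returned, so a
    user mistyping a password once or twice is not reported.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "FAIL":
            failures[rec["ip"]].append(rec["ts"])

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        best = 0
        start = 0
        # Sliding window over the sorted timestamps for this IP.
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins inside 60s")
```

Run as-is it reports the one hammering IP and stays quiet about the two ordinary entries; the window and threshold are parameters so the same check can be tuned to a site's real login rate before it is used on actual logs.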