Up to 200,000 users of a Grand Theft Auto fan site have had their personal details exposed online after hackers breached the website’s online forum last month by exploiting security flaws in a piece of software called vBulletin.
The website in question, called GTAGaming.com, was a hub for news, rumours and updates about the massively popular Grand Theft Auto video game, one of the best-selling series of all time.
The leak, which has been analysed in detail by cybersecurity researcher Troy Hunt, reportedly contained 197,000 unique email addresses alongside a trove of hashed passwords, personal user details and IP addresses.
In a statement posted to the homepage of the website, GTAGaming administrators said the forums have now been closed “permanently” and that “any accounts not updated within the next couple weeks will be deleted from the database.”
The post continued: “We will be moving the account database into a more secure authentication system, removing all trace of the vBulletin forum software, and until then will be keeping a close eye to prevent any further compromises.”
“Upon logging into the site you will find you are forced to change your password, and shortly we will be force resetting all passwords not updated. We also recommend changing your password on any site(s) that may have used the same one.”
Hunt, who manages the breach notification website ‘Have I Been Pwned?’, said on Twitter that the details have now been loaded into his system, which users can check to find out whether they are impacted by the data leak.
The administrator of GTAGaming, Shawn Harkin, told Motherboard the number of real users impacted by the hack was likely to be far smaller due to the number of spam addresses that likely riddled the website.
“Of course, data for even one account being stolen is already one too many, it is at least fortunate in this scenario that the number of actual people affected would be significantly less than even 30,000,” he said.
Now, the future of the website as a whole is questionable. In its online statement, the website admins admitted: “We don’t know what the future of this site will be.”
The post continued: “Being hacked is not in anyone’s best interests, if we cannot successfully maintain a secure account database for our users, we may need to consider closing both sites. For now, we apologise for this inconvenience, and hope that no one is any further affected by this database breach.”
Have I been pwned? @haveibeenpwned
New breach: The GTAGaming forum had 197k user accounts hacked this month. 57% were already in @haveibeenpwned https://haveibeenpwned.com
3:14 AM – 24 Aug 2016
Noting a barrage of recent vBulletin security breaches, Hunt published a blog post on the subject and said many of the issues could not be blamed on sophisticated computer hacking and instead came down to out-of-date patches.
“When GTAGaming was hacked, they were two major releases behind the current generation and four and a half years behind in their patches for the major version they were running. And this is the real story with vBulletin – installations going unloved,” he wrote.