Mickey Mouse Club had Mickey Mouse security: Disney's Playdom forum pours out passwords

vBulletin forumware powering site is known as a sieve

The latest forum to leak, Disney's Playdom, was running the vBulletin forumware already known to have leaked big back in June.

On Friday, Disney announced it had taken the forum offline after discovering someone had accessed usernames, passwords, e-mail addresses, and logged IP addresses for playdomforums.com accounts. Its oops-we're-so--sorry-statement includes the usual useless assurance that no credit card data was held on the site.

At the time of writing, the site remained offline. Disney hasn't stated how many accounts were leaked in the attack, nor has it explained why passwords were held in an accessible format.

Disney hasn't stated how many accounts were breached, but GameInformer says the forums had around 391,000 members.

Troy Hunt noted the connection to vBulletin over the weekend:

This is supported by a forum post dated 2010.

The popular CMS was used by Verticalscope in a June 2016 breach that leaked around 45 million sets of credentials.

In 2014, vBulletin user OpenSUSE leaked e-mails but not passwords; vBulletin's own forums were hit in November 2015. ®




Biting the hand that feeds IT © 1998–2018