notebookreview.com vbulletin security breach

The forums on www.zimbra.com were recently the target of an attack in which the main forum page was defaced and some personal data was potentially compromised. The personal data that may have been compromised is relegated to the following: email addresses registered to the forums, demographic data shared and real names given during the registration process, and passwords. The attack was limited solely to the forums; no billing data, credit card numbers, or any other personal data was compromised at any time.

This attack was due to a vulnerability found in third-party software used by Zimbra to run the forums on www.zimbra.com. As soon as the attack was detected, we took steps to block access to the attackers and placed the forums in a maintenance mode to prevent further risk while we investigated and saved forensic data. Steps have now been taken to update the software to address the vulnerability that was exploited and to prevent future such incidents. Zimbra security is also investigating the incident further to determine if legal action is necessary.

As a result of the exploit, some accounts may have been compromised and encrypted passwords received, posted, or changed by the attackers. We have reset all passwords, and everyone with a forum account on www.zimbra.com will be required to go through the email verification process to reset their passwords and regain access to their accounts.

We do apologize for the inconvenience. If there are any further questions, please contact us at support@zimbra.com.

Dear NotebookReview Forums User:

We've discovered a security breach in the NotebookReview Forums. We are strongly encouraging you to change your passwords on the NotebookReview Forum and on any other systems where you use the same username and passwords.

vBulletin, the forum software we use, has confirmed that the software contains a security hole, and we've followed their directions and corrected the issue.

We've thoroughly reviewed our logs and identified that hash-encrypted stores of user names and passwords may have been accessible to the criminal hackers responsible for the breach. There is the potential that a skilled hacker could decrypt that information, so we are informing our entire user base and urge that you change your password immediately.

We are investigating the breach and intend on pursuing legal action against the violators when they are identified. TechTarget and NotebookReview take the security of your information very seriously and apologize for any inconvenience.