Video gaming mags’ online forum still closed, almost three weeks after hack attack

PC Gamer magazineIt’s been almost three weeks since publishing group Future discovered that hackers were attempting to exploit a vulnerability in the online forum of one of its popular magazines.

A moderator on the PC Gamer online messageboard had spotted a suspicious script hidden in a forum announcement on July 19th, designed to steal details of users – including their password and date of birth – if clicked.

According to an announcement posted on the GameHacking forum, Future’s IT security team discovered that “a small group of admins and moderators had their accounts compromised, the first of which had been used to post the malicious script.”

The good news is that no evidence has been found that any users had their details compromised by the attacks.

Sign up to our free newsletter.
Security news, advice, and tips.

As a precaution, however, Future shut down the PC Gamer online forum, and other vBulletin-powered forums that it operates. Affected sites include the forums for popular magazines such as SFX, Total Film, Digital Camera World, Cycling News, MusicRadar, Rhythm, Classics Monthly, Mini Magazine, and Fast Bikes.

Attempting to visit any of these online forums now presents users with the following message:

Future forum closed

In an update posted on July 29th, Dave Bradley, editor-in-chief of SFX, said that Future’s IT team were looking at upgrading the forum software, and also reviewing whether to continue using vBulletin.

In his post, Bradley says that Future was using vBulletin 3.8.5 for its online forums. That certainly raises an eyebrow, as the “final” version of vBulletin 3 was version 3.8.7, released in February 2011.

One imagines that Future will be looking at vBulletin’s later incarnations (4 and 5), as well as alternatives. Hopefully they will also be working with the authorities to see if any evidence can be found which might lead to identification of those responsible for the hack.

Last month, Ubuntu Forums was brought down after a hacker exploited a security hole in its vBulletin software, and defaced it with a picture of a gun-wielding penguin.

If you’re running an online forum, please make sure that you are running the very latest version, and keeping on top of security patches.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.