A server of im supplier Trillian has been hacked. It is an old server, the information of which is between 3 and 14 years old. The hack was related to vulnerabilities in vBulletin. Through the same vulnerability, the attacker managed to steal data from a WordPress blog.
The data breach occurred on July 4 last on a single server serving the old blog and forum. Data from users of the instant messaging program Trillian is separate from this. The blog and forum were still online as an archive. The leak came to light the next day, Trillian said, after which the single machine was permanently turned off.
The stolen information consists of a user database with salted and md5-hashed passwords from both the WordPress blog and the vBulletin forum. Unless past forum or blog users have been using the same password and username for years, Trillian estimates the potential problems low.
Users who have been active on the blog or forum in the past have in the meantime received an email at the email address known to Trillian. The old server, and with it the old forum and blog, will remain offline.