vBulletin, the forum software maker, is associated with 508,095 records indexed by leaksear.ch from a November 3, 2015 breach, including email addresses, usernames, IP addresses and MD5 password hashes with salts (leaksear.ch metadata). Public reporting at the time described a defacement of vBulletin.com, a forced password reset, and a hacker's claim that hundreds of thousands of records had been taken (www.theregister.com).
What happened
Have I Been Pwned's public breach page describes vBulletin as a forum software maker that suffered a serious data breach in November 2015, affecting forum user and customer accounts (haveibeenpwned.com). The Register reported on November 3, 2015 that the official vBulletin.com site had been defaced and that vBulletin initiated a password reset after its statement said an attacker may have accessed customer IDs and encrypted passwords (www.theregister.com).
SecurityWeek later summarized the November 2015 event as involving the official forum and website being shut down after a hacker using the Coldzer0 handle claimed access to user details via a zero-day vulnerability, with password resets following the incident (www.securityweek.com). The exact exploitation path should be treated as unconfirmed in public reporting: The Register described zero-day and SQL injection claims as reported or unclear, not established fact (www.theregister.com).
What data was exposed
The leaksear.ch index for this leak includes email addresses, usernames, IP addresses and MD5 password hashes as searchable fields (leaksear.ch metadata). It also stores salts, homepage or website URLs, source identifiers and other record context, but those additional fields are not direct search pivots (leaksear.ch metadata).
Why this matters
Because the leak combines contact details, account identifiers, IP addresses and password hashes, it can help attackers validate old forum identities and build targeted phishing. The password data is historical but still relevant where users reused credentials; SecurityWeek's contemporaneous coverage advised changing the vBulletin password and any reused password on other sites (www.securityweek.com). Security teams should treat matches as historical credential exposure and prioritize password rotation, MFA and monitoring for phishing that references vBulletin or forum account details. To check whether your data is in this leak, search leaksear.ch using email, username, IP address or hashed password (leaksear.ch metadata).
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, hashed password, ip address, and username.