What Happened
In August 2016, the vBulletin forum for GSM Hosting was breached, exposing 2.6 million user records. The breach remained undetected until the compromised data appeared for sale on the dark web alongside dozens of other hacked services. The exposed data included email addresses, IP addresses, usernames, and salted MD5 password hashes. The breach was not added to public breach databases until March 27, 2024, nearly eight years after the initial compromise, as it took considerable time for the credentials to surface on the dark web and be discovered and verified.
