Incident Involving Percona Forums on September 24, 2019

Summary

On September 24, 2019, Percona’s IT and IT Security teams were made aware of a denial of service attack on www.percona.com/forums. We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This vulnerability potentially allows an unauthenticated attacker to remotely execute code on, or possibly complete control of, vBulletin forums. ZDNet reports that this vulnerability potentially affected tens of thousands of forums servers.

Unfortunately, Percona’s forum server was a victim of such an attack at 12:47 pm EDT on September 24, 2019. As a result, Percona’s forum server was taken offline as soon as we became aware of the attack and was kept offline until the vulnerability was fixed.

The Percona forums database uses encryption at rest and in transit to protect user account credentials and information contained within the forum database, and our investigation into the incident did not provide evidence that account credentials were accessed or exfiltrated. However, based on the severity of the vBulletin vulnerability, we cannot be certain that forum user account information was not compromised.

Unfortunately, this means that personal data and account credentials may have been accessible between the time when the attack took place and the time when the forum site was taken offline. For that reason, we suggest that all forum users that created an account on www.percona.com/forums take precautions by changing your account credentials used to access the forum, as well as any other accounts that use the same credentials. All user passwords have been reset. Please use percona.com/forums/lostpw to reset access to your forum account.

We can confirm that the vulnerability and subsequent attack only affected Percona’s forum site and did not affect the security or integrity of any other Percona websites, applications, or customer portals.

At the time of this notice, Percona implemented the security patch published by vBulletin, tested the patch, and confirmed that it cured the vulnerability that was present on Percona’s forum server. If we become aware of additional vulnerabilities with vBulletin software that could impact user account information, we will take the forum server offline again until we are confident that the vulnerabilities are cured.

Timeline of Events

• 2019-09-24 12:47 pm EDT – Percona’s IT and IT Security teams became aware of the vulnerability and a potential attack on Percona’s forums server and took the server offline.
• 2019-09-25 12:17 pm EDT – vBulletin released a security patch to cure the vulnerability.
• 2019-09-25  2:32 pm EDT – The security patch was applied and tested on Percona’s forums server.
• 2019-09-25  5:00 pm EDT – Percona confirmed that the security patch mitigated the known vulnerability and the server was taken back online.

More Information

We will provide updates should new information become available, or should additional actions be needed. In the interim, information about this incident is available here.