Zero-day exploit targeting vBulletin forums?

Posted on Wednesday, November 04 2015 @ 13:48 CET by Thomas De Maesschalck
Ars Technica reports that the official vBulletin website was hacked, resulting in a leak of password data and other information belonging to the company's nearly 480,000 subscribers. It seems there's a critical hole in the vBulletin forum software that enables attackers to gain almost complete control over sites running vulnerable versions. A patch was rolled out on Monday, so operators of vBulletin sites are advised to install it as soon as possible.
Piecing everything together, it's hard to escape the inference that the vBulletin software contained a zero-day vulnerability that allowed hackers in the wild to gain almost complete control over websites that used the forum app. If so, administrators for any site that uses vBulletin should drop whatever they're doing and immediately install Monday's patch. It also appears that people with accounts on both vBulletin.com and foxitsoftware.com should be explicitly warned that their data has been exposed and that they should change credentials on any other sites that used the same or a similar password. Already, some sites that rely on vBulletin, including the heavily targeted Defcon.org, have suspended user forums until the uncertainty is cleared up. Similar fears over vBulletin security surfaced two years ago.




