OVH Community, your new community space.

OVH and Kimsufi vBulletin Forums breached

02/01/2017, 15h41
i created a special mail adress just for the board but never recieved ANY email from ovh regarding that issue on THAT address.

Anyway they have a nice new green style on the landing page wich compensates it. not.

28/12/2016, 20h37
Thanks for the explanation.

Since I never received an email from Kimsufi or OVH about it, and couldn't find any announcement (at least not in English), I assumed it was an old breach that was either only now discovered, or only now made public (consistent with what has happend in several other breaches and hacks like LinkedIn, Yahoo! etc.). The email I got from put it as follows: "Why are you only hearing about this now? Whilst the breach occurred in May 2015, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly. "Have I been pwned?" will always attempt to alert you ASAP, it's just a question of how readily available the data is."

While it's just about a forum, and I personally never re-use passwords across different sites, I think notifying all affected users via email would have been preferable.

Regarding, I'm pretty sure I did have an account, because my password manager explicitly lists that url. But it may have been a while since I used it, so I guess I'll just re-register if I need to.

28/12/2016, 20h01

1) What happened?
it was in 2015

2) Will affected users be notified?
users already notified in 2015 (Cf :!!!), and i don"t know if a thread was written in english.

3) Unrelated, but how come my account disappeared?
are you sur you was registered on it ?
All OVH forum have their own database, like is not the same as and not the same as

Cordially, janus57

28/12/2016, 19h37
I'm subscribed to, and yesterday I was notified that my email address was among those breached via the OVH and Kimsufi vBulletin Forums:

> In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

> Compromised data: Email addresses, IP addresses, Passwords, Usernames

And the same for Kimsufi forums. See and

But I can't find any notice of this breach via either OVH or Kimsufi. I could still login to this Kimsufi account, but says my account does not exist.

1) What happened?
2) Will affected users be notified?
3) Unrelated, but how come my account disappeared?