Anyone that is a member of HCS or any other VerticalScope website better change their password.

A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities.

The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com.

The company didn't outright confirm the breach, but said it was investigating.

"We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," said Jerry Orban, vice-president of corporate development, in an email.

He added:

"We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities."

But a further analysis of the leaked database, obtained by breach notification site LeakedSource.com, suggests that the scope of data may be greater than first thought.

In a sample given to ZDNet, the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user's IP address (which in some cases can determine location), and the site that the record was taken from.

LeakedSource confirmed the findings in a blog post, published Tuesday.

The group said in its blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale."

Three major social networks have quietly fallen victim to data breaches. Despite some success, patience and trust is now fading.

Despite a push in recent years for stronger encryption and fixing security flaws, the forums thought to be affected by the breach fell far behind industry security norms.

A cursory search of the list of domains caught up in the hack revealed that none of the sites we checked offered basic HTTPS website encryption, which would prevent usernames and passwords from being intercepted.

Many of the forums ran versions of vBulletin software dating back to 2007. Most were running software versions that were easily exploitable by hackers with known vulnerabilities. A blog post from security reporter Brian Krebs from 2013 showed that older versions of the vBulletin forums that were vulnerable could be easily searched with readily-available attack tools.

It's not clear who carried out the hack. A LeakedSource group member said it was "not related" to the recent hacks against MySpace, LinkedIn, and Tumblr.

As of Tuesday, the company has not made any public statement in relation to the hack.

Unlike in other recent other breaches, this data does not appear to be for sale on the dark web -- for now.

http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/

That would explain our complete FUBAR over there then.   

4 minutes ago, Zambroski said:

That would explain our complete FUBAR over there then.   

What's up? I read about it on the admin zone https://theadminzone.com/threads/hacker-steals-45-million-accounts-from-hundreds-of-car-tech-sports-forums.140757/

Not sure...they posted a message for everyone to update their passwords and then somehow locked almost everyone out.    Hell, I still can't get back in.  Comical as hell.  Some are slowly getting their passwords reset and logging back on I guess.  

Got an email from Arctichat...knew something was up...I wouldn't be caught dead on an Arctic Cat  

21 minutes ago, Zambroski said:

Not sure...they posted a message for everyone to update their passwords and then somehow locked almost everyone out.    Hell, I still can't get back in.  Comical as hell.  Some are slowly getting their passwords reset and logging back on I guess.  

That's why we try to stay on top of software updates, especially if they mention a security update.

yeah the new password protocol is more strict than banks.... good luck remembering what password you use....

 

Must be at least 10 characters

Must contain lower-case characters

Must contain upper-case characters

Must contain numbers

Must contain symbols

 

what a shit show.

 

 

Why would anyone want to hack a account on a snowmobile site?

May be a stupid question, but I'm not sure what I'm missing.

46 minutes ago, Cold War said:

Why would anyone want to hack a account on a snowmobile site?

May be a stupid question, but I'm not sure what I'm missing.

Because a lot of people use the same password for every site they visit, including banking passwords.

4 minutes ago, ckf said:

Because a lot of people use the same password for every site they visit, including banking passwords.

👌

That makes sense.

1 hour ago, Zambroski said:

Not sure...they posted a message for everyone to update their passwords and then somehow locked almost everyone out.    Hell, I still can't get back in.  Comical as hell.  Some are slowly getting their passwords reset and logging back on I guess.  

Not working at all for me tell HCS their favorite son "Badger" said  I got xcr7 working on it I know if I asked Z he'd change all the locks on the liquor cabinet then i'd be fucked and sober.  

Bushes fault!

1 hour ago, Axys1 said:

Not working at all for me tell HCS their favorite son "Badger" said  I got xcr7 working on it I know if I asked Z he'd change all the locks on the liquor cabinet then i'd be fucked and sober. 

im working on it allright...thats why im over here lol

I got a reset notice from ArcticChat yesterday, email said admin reset password gave a temp one and I went and changed it  don't think I have even posted on there just read  

Just keep trying the forgot password link.  Took me a half dozen times but it finally worked.  Then it will prompt you for a new password.  What a log jam!  My new password is:  giraFeaPotumus%#*+{zHjsluHiy7396€£¥%#]5901%]*#£~¥hkdGrqW739sukit

4 minutes ago, xcr700 said:

im working on it allright...thats why im over here lol

That big of a mess over there?? Could it be ISIS. 

17 minutes ago, Zambroski said:

Just keep trying the forgot password link.  Took me a half dozen times but it finally worked.  Then it will prompt you for a new password.  What a log jam!  My new password is:  giraFeaPotumus%#*+{zHjsluHiy7396€£¥%#]5901%]*#£~¥hkdGrqW739sukit

mine looks like fuckin arabic too
 

17 minutes ago, Axys1 said:

That big of a mess over there?? Could it be ISIS. 

actually, i think its Bigfuse lol...where is that guy anyways

1 minute ago, xcr700 said:

mine looks like fuckin arabic too
 

actually, i think its Bigfuse lol...where is that guy anyways

 Well I got a new password?? php?a=pwd&u=125384&i=cb91c5e70c007774c66c0c26809670ddafcd7860

4 minutes ago, Axys1 said:

 Well I got a new password?? php?a=pwd&u=125384&i=cb91c5e70c007774c66c0c26809670ddafcd7860

lol wtf...steve is working on it. said a few hours

Dear Badger,

Someone has tried to log into your account on HCS Snowmobile Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: XX XXX XX XX

All the best,
HCS Snowmobile Forums


HCS Snowmobile Forums, a part of VerticalScope Inc.
111 Peter Street, Suite 700
Toronto, Ontario, Canada
M5V 2H1
 

Tell those dumb fuckers at Vertical its me Badger!!   When I get back on there better be lots of free beer. 

VerticalScope Inc. I found him.

So...

What happens if the email you signed up with HCS for is no longer active?

4 hours ago, racinfarmer said:

So...

What happens if the email you signed up with HCS for is no longer active?

LOL, you too eh 

It be easier to just change your other passwords. Let the hackers have the VS site info.

5 hours ago, racinfarmer said:

So...

What happens if the email you signed up with HCS for is no longer active?

 

1 hour ago, Mileage Psycho said:

LOL, you too eh 

Just tell 'em Al Czervix sent you and Sayatodabuffet will let you right in......

11 hours ago, Polarissledder said:

yeah the new password protocol is more strict than banks.... good luck remembering what password you use....

 

Must be at least 10 characters

Must contain lower-case characters

Must contain upper-case characters

Must contain numbers

Must contain symbols

 

what a shit show.

 

 

 

Some sites won't let you use a password that was used 15 times previously.  Just get a password reset each time cause there is no way to remember that for a site you do not use often.

 

Edited June 17, 20168 yr by ArcticCrusher