Jump to content
Check your account email address ×

Hacker steals 45 million accounts from hundreds of car, tech, sports forums

ckf

By ckf
in Current Events

 Share

Recommended Posts

ckf

ckf

Posted
Posted

Anyone that is a member of HCS or any other VerticalScope website better change their password.

A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities.

The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com.

The company didn't outright confirm the breach, but said it was investigating.

"We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," said Jerry Orban, vice-president of corporate development, in an email.

He added:

"We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities."

But a further analysis of the leaked database, obtained by breach notification site LeakedSource.com, suggests that the scope of data may be greater than first thought.

In a sample given to ZDNet, the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user's IP address (which in some cases can determine location), and the site that the record was taken from.

LeakedSource confirmed the findings in a blog post, published Tuesday.

The group said in its blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale."

Three major social networks have quietly fallen victim to data breaches. Despite some success, patience and trust is now fading.

Despite a push in recent years for stronger encryption and fixing security flaws, the forums thought to be affected by the breach fell far behind industry security norms.

A cursory search of the list of domains caught up in the hack revealed that none of the sites we checked offered basic HTTPS website encryption, which would prevent usernames and passwords from being intercepted.

Many of the forums ran versions of vBulletin software dating back to 2007. Most were running software versions that were easily exploitable by hackers with known vulnerabilities. A blog post from security reporter Brian Krebs from 2013 showed that older versions of the vBulletin forums that were vulnerable could be easily searched with readily-available attack tools.

It's not clear who carried out the hack. A LeakedSource group member said it was "not related" to the recent hacks against MySpace, LinkedIn, and Tumblr.

As of Tuesday, the company has not made any public statement in relation to the hack.

Unlike in other recent other breaches, this data does not appear to be for sale on the dark web -- for now.

http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/

Link to comment
Share on other sites
Zambroski

Zambroski

Posted
Posted

Not sure...they posted a message for everyone to update their passwords and then somehow locked almost everyone out.  :lol:  Hell, I still can't get back in.  Comical as hell.  Some are slowly getting their passwords reset and logging back on I guess.  :dunno:

Link to comment
Share on other sites
ckf

ckf

Posted
  • Author
Posted
21 minutes ago, Zambroski said:

Not sure...they posted a message for everyone to update their passwords and then somehow locked almost everyone out.  :lol:  Hell, I still can't get back in.  Comical as hell.  Some are slowly getting their passwords reset and logging back on I guess.  :dunno:

That's why we try to stay on top of software updates, especially if they mention a security update.

Link to comment
Share on other sites
Polarissledder

Polarissledder

Posted
Posted

yeah the new password protocol is more strict than banks.... good luck remembering what password you use....

 

good.png Must be at least 10 characters
good.png Must contain lower-case characters
good.png Must contain upper-case characters
good.png Must contain numbers
good.png Must contain symbols

 

what a shit show.

 

 

Link to comment
Share on other sites
ckf

ckf

Posted
  • Author
Posted
46 minutes ago, Cold War said:

Why would anyone want to hack a account on a snowmobile site?

May be a stupid question, but I'm not sure what I'm missing.

Because a lot of people use the same password for every site they visit, including banking passwords.

Link to comment
Share on other sites
Badger**

Badger**

Posted
Posted
1 hour ago, Zambroski said:

Not sure...they posted a message for everyone to update their passwords and then somehow locked almost everyone out.  :lol:  Hell, I still can't get back in.  Comical as hell.  Some are slowly getting their passwords reset and logging back on I guess.  :dunno:

Not working at all for me tell HCS their favorite son "Badger" said :bigfinger::lol2: I got xcr7 working on it I know if I asked Z he'd change all the locks on the liquor cabinet then i'd be fucked and sober. :wtf: 

  • Like 1
Link to comment
Share on other sites
snatchslayer

snatchslayer

Posted
Posted
1 hour ago, Axys1 said:

Not working at all for me tell HCS their favorite son "Badger" said :bigfinger::lol2: I got xcr7 working on it I know if I asked Z he'd change all the locks on the liquor cabinet then i'd be fucked and sober. :wtf:

im working on it allright...thats why im over here lol

  • Like 1
Link to comment
Share on other sites
Momorider

Momorider

Posted
Posted

I got a reset notice from ArcticChat yesterday, email said admin reset password gave a temp one and I went and changed it :flush: don't think I have even posted on there just read :guzzle: 

Link to comment
Share on other sites
Zambroski

Zambroski

Posted
Posted

Just keep trying the forgot password link.  Took me a half dozen times but it finally worked.  Then it will prompt you for a new password.  What a log jam!  My new password is:  giraFeaPotumus%#*+{zHjsluHiy7396€£¥%#]5901%]*#£~¥hkdGrqW739sukit

Link to comment
Share on other sites
snatchslayer

snatchslayer

Posted
Posted
17 minutes ago, Zambroski said:

Just keep trying the forgot password link.  Took me a half dozen times but it finally worked.  Then it will prompt you for a new password.  What a log jam!  My new password is:  giraFeaPotumus%#*+{zHjsluHiy7396€£¥%#]5901%]*#£~¥hkdGrqW739sukit

mine looks like fuckin arabic too
 

17 minutes ago, Axys1 said:

That big of a mess over there?? Could it be ISIS. :(

actually, i think its Bigfuse lol...where is that guy anyways

Link to comment
Share on other sites
Badger**

Badger**

Posted
Posted
1 minute ago, xcr700 said:

mine looks like fuckin arabic too
 

actually, i think its Bigfuse lol...where is that guy anyways

:dunno: Well I got a new password?? php?a=pwd&u=125384&i=cb91c5e70c007774c66c0c26809670ddafcd7860

Link to comment
Share on other sites
Badger**

Badger**

Posted
Posted

Dear Badger,

Someone has tried to log into your account on HCS Snowmobile Forums with an incorrect password at least 5 times. This person has been prevented from attempting to login to your account for the next 15 minutes.

The person trying to log into your account had the following IP address: XX XXX XX XX

All the best,
HCS Snowmobile Forums


HCS Snowmobile Forums, a part of VerticalScope Inc.
111 Peter Street, Suite 700
Toronto, Ontario, Canada
M5V 2H1
 

Tell those dumb fuckers at Vertical its me Badger!! :fuckyou:  When I get back on there better be lots of free beer. :wtf:

Link to comment
Share on other sites
  • Platinum Contributing Member
Jimmy Snacks

Jimmy Snacks

Posted
  • Platinum Contributing Member
Posted
5 hours ago, racinfarmer said:

So...

What happens if the email you signed up with HCS for is no longer active?

 

1 hour ago, Mileage Psycho said:

LOL, you too eh :joint:

Just tell 'em Al Czervix sent you and Sayatodabuffet will let you right in......

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


×
×
  • Create New...