45m passwords stolen from VerticalScope forums in massive data breach
A hacker breached Toronto-based firm VerticalScope’s systems and stole 45 million records from its network of more than 1,100 websites and forums. The attack was reportedly carried out in February.
The company operates scores of major properties for automotive, sports, outdoor, health and hobby enthusiasts.
It isn’t clear who was behind the attack, and oddly, the company hasn’t made a public statement about the breach. Jerry Orban, vice president of corporate development, told ZDNet:
We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.
LeakedSource, which indexes hacked credentials from data breaches, obtained a copy of the database and says that it also found IP addresses in the records.
It also noted that ‘less than 10% of the domains which account for a very small amount of leaked records used difficult to break encryption (less than a couple million).’ More than 40 million other passwords were hashed with salted MD5. The salt defeats precomputed lookup tables, but MD5 itself is so fast to compute that a per-user dictionary attack against it is cheap, so these passwords are easy enough to crack.
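To make the point about salted MD5 concrete, here is an added example (not code from the article, ZDNet, LeakedSource or VerticalScope). It assumes the legacy vBulletin 3/4 password scheme, md5(md5(password) + salt), which is a reasonable guess given the vBulletin versions ZDNet found but is not stated in the article; the wordlist, salt and “leaked” record are constructed for the demonstration. It recovers a salted MD5 password from a short wordlist and then measures how much more expensive each guess becomes under a deliberately slow KDF (PBKDF2-SHA256 is used only because it ships with Python; bcrypt or Argon2 would be the production choice).

```python
import hashlib
import os
import time
from typing import Callable, Iterable, Optional

# Constructed sample wordlist for the demo; not taken from any real dump.
WORDLIST = ["123456", "123456789", "qwerty", "password", "letmein",
            "18atcskd2w", "sunshine1", "iloveyou", "football", "monkey"]


def legacy_vb_hash(password: str, salt: str) -> str:
    """Assumed legacy vBulletin 3/4 scheme: md5(md5(password) + salt).

    The article does not confirm that VerticalScope's forums used exactly
    this construction; it stands in for 'MD5 with salting' here.
    """
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def crack_salted_md5(target: str, salt: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on one record.

    The salt is stored next to the hash in the dump, so it does not hide
    anything from the attacker: it only stops one precomputed table from
    covering every user. Each guess still costs two fast MD5 calls.
    """
    for guess in wordlist:
        if legacy_vb_hash(guess, salt) == target:
            return guess
    return None


def seconds_per_call(fn: Callable[[], object], rounds: int) -> float:
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def slowdown_factor() -> float:
    """How many times more expensive one guess is under PBKDF2-SHA256
    (100,000 iterations) than under salted MD5, on this machine."""
    salt = os.urandom(16)
    md5_cost = seconds_per_call(lambda: legacy_vb_hash("sunshine1", "ab1"), 20_000)
    kdf_cost = seconds_per_call(
        lambda: hashlib.pbkdf2_hmac("sha256", b"sunshine1", salt, 100_000), 3)
    return kdf_cost / md5_cost


if __name__ == "__main__":
    salt = "x7q"                                  # constructed per-user salt
    leaked = legacy_vb_hash("sunshine1", salt)     # what an attacker would hold
    print("recovered:", crack_salted_md5(leaked, salt, WORDLIST))
    print(f"slow KDF costs ~{slowdown_factor():,.0f}x more per guess than salted MD5")
```

The ratio printed by `slowdown_factor()` is the whole argument for a slow, tunable KDF: a wordlist that clears a salted-MD5 dump in minutes takes orders of magnitude longer against the same passwords hashed with a properly parameterised KDF, and the parameters can be raised as hardware improves.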
ZDNet reported that a number of the VerticalScope sites it investigated ran versions of the popular vBulletin forum software dating back to 2007, which contained known security flaws that could easily be exploited by hackers.
There was something strange about the passwords that came up most frequently in this database.
Unlike the recent Twitter credential leak, in which LeakedSource found the most common passwords to be ‘123456’, followed by ‘123456789’, ‘qwerty’ and ‘password’, a number of seemingly random strings made the top 10 list this time, including ’18atcskd2w’ at the no. 2 spot and ‘3rjs1la7qe’ at no. 4.
Troy Hunt, the creator of data breach tracker Have I Been Pwned?, said that, “This could be due to data inconsistencies in the source, issues with how the hacker exported them or tampering by someone else who’s handled it downstream of them.”
Akash Mahajan, Director at web application security firm AppSecco, noted that this anomaly could also point to site-wide mandates enforced by administrators when trying to secure the database, or to passwords being reset for a number of users.
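The two explanations above predict different shapes in the data: an administrator-driven reset or mandate should cluster a random-looking password on one forum, while an export artifact or downstream tampering would smear it across unrelated forums. The following added example (not code from the article or from any party it quotes) runs that check over a constructed mini-dump; the forum names, usernames and counts are invented for the demonstration, and the two random-looking strings are the ones the article reports.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample dump as (forum, username, password) records; not real data.
SAMPLE_RECORDS: List[Tuple[str, str, str]] = (
    [("forum-a.example", f"user{i}", "123456") for i in range(5)]
    + [("forum-b.example", f"user{i}", "123456") for i in range(4)]
    + [("forum-c.example", f"user{i}", "password") for i in range(3)]
    # random-looking string concentrated on one forum: reset/mandate pattern
    + [("forum-a.example", f"reset{i}", "18atcskd2w") for i in range(6)]
    # random-looking string spread over every forum: export/tampering pattern
    + [(f"forum-{c}.example", f"x{c}", "3rjs1la7qe") for c in "abcde"]
    + [("forum-d.example", "alice", "Tr0ub4dor&3")]
)

COMMON_TOKENS = ("password", "qwerty", "123456", "letmein", "welcome", "abc")


def top_passwords(records, n: int = 10) -> List[Tuple[str, int]]:
    """Most frequent passwords in the dump, as (password, count)."""
    return Counter(pw for _, _, pw in records).most_common(n)


def looks_random(pw: str) -> bool:
    """Cheap heuristic for 'machine-generated' strings like 18atcskd2w:
    long enough, mixes letters and digits, few repeated characters, and
    contains no common word or keyboard run. Not a strength meter."""
    if len(pw) < 8:
        return False
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        return False
    if len(set(pw)) / len(pw) < 0.8:
        return False
    lowered = pw.lower()
    return not any(tok in lowered for tok in COMMON_TOKENS)


def forum_spread(records, pw: str) -> float:
    """Fraction of distinct forums on which this password occurs."""
    by_pw: Dict[str, set] = defaultdict(set)
    forums = set()
    for forum, _, p in records:
        forums.add(forum)
        by_pw[p].add(forum)
    return len(by_pw[pw]) / len(forums)


def anomalies(records, n: int = 10, min_count: int = 2,
              threshold: float = 0.5) -> List[Tuple[str, int, float, str]]:
    """Random-looking entries in the top-n, with a verdict:
    'clustered' (consistent with a site-wide reset or mandate) or
    'spread' (consistent with an export artifact or downstream tampering)."""
    out = []
    for pw, count in top_passwords(records, n):
        if count < min_count or not looks_random(pw):
            continue
        spread = forum_spread(records, pw)
        verdict = "clustered" if spread < threshold else "spread"
        out.append((pw, count, spread, verdict))
    return out


if __name__ == "__main__":
    for pw, count, spread, verdict in anomalies(SAMPLE_RECORDS):
        print(f"{pw:12s} count={count:3d} forums={spread:.0%} -> {verdict}")
```

On a real dump the forum column would come from the record’s site identifier rather than a constructed label, and the verdict is only a lead: a string that is clustered on one forum still needs to be matched against that forum’s admin history before it can be called a reset.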
If you have an account on any of the forums run by VerticalScope, you’ll certainly want to change your password immediately, and, since email addresses leaked alongside the hashes, change it on any other site where you reused the same password.
We’ve contacted the company for comment and will update this story if there’s a response.