A new breach has been disclosed. VerticalScope, which hosts 1,100 websites and forums, was hacked, and the data of around 45 million users was leaked online.
VerticalScope hosts many well-known websites, chief among them TechSupportforum.com, MobileCampsites.com, Pbnation.com, and Motorcycle.com. All four were affected by the hack, which happened in February this year and was only recently revealed by LeakedSource, a popular search engine for hacked data.
In its blog post explaining the hack, LeakedSource wrote that each of the 45 million accounts it holds at the moment contains an email address, a username, an IP address, a password and, in some instances, a backup password. LeakedSource also said that a breach of this scale would only be possible if VerticalScope had stored the data on one server or on interconnected servers.
It also noted that passwords were not stored in a secure way, and that only 10 percent used an encryption method to secure their passwords. The firm said that for the remainder of the leaked records, 40 million of them, the algorithm used was MD5, which is far from suitable for keeping data safe. LeakedSource also mentioned that it had held the data since April and had already gone through the process of confirming the information, but said it had only now started analyzing the data. However, it did not mention how the data had found its way into its hands.
VerticalScope, for its part, said that it was aware of the user data compromise and that it was going to strengthen password security to reduce the impact of future cases. It also wrote that its users would receive an email prompting them to change their passwords, and that it intends to send password safety tips. It would also enforce password expiration rules, which means users would have to change passwords regularly or get locked out of their accounts.
These measures are in response to the increased security-related incidents on various major social media sites with which we share common users, the company said. It went on to say that it was aware of the potential risks facing community accounts. These changes are to be implemented in all forum communities to ensure safety and security for all users, the company wrote.
VerticalScope also claimed that it was investigating the breach and, at the same time, working on a way to present the data to law enforcement agencies so they could take it from there. It also noted that users who reuse passwords across different social media sites face problems, especially since there have been many hacks of social media accounts lately.
Amit Ashbel, a Cyber Security Evangelist at CheckMarx, said that the blame was to be put on VerticalScope. This is because the company should have done a better job of keeping the passwords safe, and because it had not applied a basic standard of password encryption across its websites, which would at least have caused the hackers some problems when they looked at the passwords. Ashbel says that MD5 encryption can be decrypted by literally anyone in less than 5 minutes.
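The storage weakness discussed above can be removed by upgrading each record the next time its owner logs in. The following is an added example, not code from VerticalScope or LeakedSource; it assumes legacy records are bare MD5 hex digests, and the record format, function names and scrypt parameters are illustrative choices.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this sketch; tune to your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# Constructed sample of a legacy record: MD5("password") as a hex digest
LEGACY_SAMPLE = "5f4dcc3b5aa765d61d8327deb882cf99"


def _scrypt(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key with a deliberately slow, memory-hard function."""
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def scrypt_record(password: str) -> str:
    """Build a new record 'scrypt$<salt hex>$<hash hex>' with a random salt."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Check a login attempt and return (ok, record_to_store).

    A successful login against a legacy MD5 record returns a fresh scrypt
    record, so the caller can overwrite the MD5 value in the database.
    """
    if stored.startswith("scrypt$"):
        _, salt_hex, hash_hex = stored.split("$")
        candidate = _scrypt(password, bytes.fromhex(salt_hex)).hex()
        return hmac.compare_digest(candidate, hash_hex), stored

    # Legacy path: unsalted MD5 hex digest (assumed format)
    legacy = hashlib.md5(password.encode()).hexdigest()
    if hmac.compare_digest(legacy, stored.lower()):
        return True, scrypt_record(password)
    return False, stored


if __name__ == "__main__":
    ok, record = verify_and_upgrade("password", LEGACY_SAMPLE)
    print(ok, record[:24] + "...")
```

Records whose owners never log in again keep their MD5 value under this scheme, so they need a separate step such as a forced reset.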
Lately there have been multiple large-scale breaches of some of the big social media sites. The breaches have all been disclosed in the past month and include LinkedIn (167 million), MySpace (360 million), Tumblr (65 million), and Vk (70 million).
We always recommend that you practice good password management, never use the same password twice, and always use a strong VPN.