SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
16 Jun 2016

Hackers make off with over 40 million passwords from 1,000 sites

Hackers have stolen the personal data, including usernames, passwords, email addresses, and IP addresses of more than 45 million people who are members of car, sports, and tech sites such as AutoGuide.com, Motorcycle.com and Techsupportforum.com, according to the data breach notification site LeakedSource.

“This data set contains nearly 45 million records from over 1100 websites and communities,” LeakedSource wrote in a blog post published on Tuesday. “Each record may contain an email address, a username, an IP address, one password and in some cases a second password.”

All the sites that fell victim to this hack run on a platform provided by VerticalScope, a Canadian company that owns and operates around 480 “online communities, content portals, and e-newsletters,” according to the company’s official website. VerticalScope’s vice president of corporate development Jerry Orban seemed to confirm the data breach on Tuesday, saying in an emailed statement that the company is “aware of the possible issue,” and that it’s investigating and collecting data to provide it to law enforcement.

“We believe that any potential breach is limited to usernames, userids, email addresses, and encrypted passwords of our users,” Orban wrote. But one of the operators of LeakedSource, a website that’s gained notoriety in the last few weeks for hosting a seemingly endless series of big-name hacks like the ones against LinkedIn, MySpace, and VKontakte, said that the majority of the passwords are easy to crack and reveal. In fact, the operator told Motherboard that they were able to crack 74 percent of all the stolen passwords, which amounts to roughly 33 million, due to the fact that most of the sites used an “insufficient” and weak algorithm—known as MD5—to hash and encode the passwords.

If the numbers are correct, this would be one of the largest data breaches ever, ranking sixth on the data breach awareness site haveibeenpwned.com, which collects data breaches and notifies users when their records have been compromised. “Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” LeakedSource said.

VerticalScope’s Orban did not answer other more specific questions on the extent of the breach and on how the company protects its users’ data. In the statement, however, he added that “we are reviewing our security policies and practices and [...] implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”

It’s unclear who hacked VerticalScope. The LeakedSource operator said they didn’t know who the culprits were, but said the breach dates back to February 2016. Peace, a cybercriminal who’s known for selling hacked data, also said he heard of the breach at the time and has seen the data being traded online, but didn’t know who was responsible. “[VerticalScope] got raped. I think [someone] rooted the server too [and] got access to a shit load of [databases],” he said in an online chat.

The lesson: As with all the recent big name data breaches, there are two lessons here, one for the hacked company, and one for the users. VerticalScope should have used better processes and mechanisms to protect the passwords, making them harder to crack even in the event of a data breach.
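What "harder to crack" can look like in practice, as an added example that is not from the original article or from VerticalScope: a fast MD5 record next to a per-user salted, memory-hard scrypt record, with legacy records upgraded at the next successful login. The record format, the function names, the scrypt cost parameters and the assumption that the MD5 hashes were unsalted are all illustrative.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (not from the article); tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SCRYPT_MAXMEM = 64 * 1024 * 1024


def legacy_md5(password: str) -> str:
    """Weak scheme: one fast MD5 pass, no salt (unsalted is an assumption)."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, maxmem=SCRYPT_MAXMEM)


def hash_password(password: str) -> str:
    """Hardened scheme: random per-user salt plus memory-hard scrypt."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def verify(stored: str, password: str) -> bool:
    """Check a password against either record type in constant time."""
    scheme, _, rest = stored.partition("$")
    if scheme == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, rest)
    if scheme == "scrypt":
        salt_hex, _, dk_hex = rest.partition("$")
        candidate = _scrypt(password, bytes.fromhex(salt_hex)).hex()
        return hmac.compare_digest(candidate, dk_hex)
    return False  # unknown scheme: reject rather than guess


def login(stored: str, password: str):
    """Return (ok, record_to_store); a legacy record is replaced on success."""
    if not verify(stored, password):
        return False, stored
    if stored.startswith("md5$"):
        return True, hash_password(password)  # rehash while we hold the plaintext
    return True, stored
```

With unsalted MD5, every user who chose the same password gets the same stored value, so one guess tests all of them at once; with a per-user salt and a slow function, each record has to be attacked separately.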

Users of the countless websites and forums run by VerticalScope should change their passwords and make sure they’re not using that same password and username or email address combination somewhere else. In that case, they should change it immediately. And once again, and this is good advice for everyone: We should all really stop reusing passwords. It should be mentioned that a Russian hacker was behind the massive breaches in some of the most popular social media sites including LinkedIn, MySpace, Twitter, and VK.com.

Tags:
information leaks hackers
Source:
Motherboard