Vertical Scope was hacked

  • Vertical Scope was hacked

    An anonymous reader quotes a report from ZDNet:

    "A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities. The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com. "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," said Jerry Orban, vice-president of corporate development, in an email. In a sample given to ZDNet, the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user's IP address (which in some cases can determine location), and the site that the record was taken from. LeakedSource, which confirmed the findings, said in its blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale." A LeakedSource group member said it was "not related" to the recent hacks against MySpace, LinkedIn, and Tumblr."

    The report goes on to say: "A cursory search of the list of domains caught up in the hack revealed that none of the sites [ZDNet] checked offered basic HTTPS website encryption, which would prevent usernames and passwords from being intercepted."


    So if you use a common password with the same account name, you may want to change it. Dfwstangs.net may not have been hacked, so it might not be that big of an issue.

  • #2
    My corral account that I have for over 15 years has been hacked. Those faggots at Autoguide could fuck up a wet dream.
    Originally posted by racrguy
    What's your beef with NPR, because their listeners are typically more informed than others?
    Originally posted by racrguy
    Voting is a constitutional right, overthrowing the government isn't.


    • #3
      Every vBulletin site I am a member of has been hacked. Every Autoguide site has been hacked. This shit happened in Feb. Fucking Canadians.


      • #4
        It was probably Talisman, that's why he left. He's been working on the hack all this time.


        • #5
          One of the reasons I use a Password Manager like Last Pass is to protect myself from stuff like this. The passwords for nearly every website I visit are very different. Most people use the same password for all, or most, websites. If you crack their passwords for one website, you can do some real damage.


          • #6
            Amateurs. They are too busy in acquiring websites and apparently have inadequate IT staff resources to address security concerns for each package.

            None of the sites that I manage have been compromised.

            #1 Change default directory path to the Super Administrator Control Panel
            #2 Secure Control Panel by whitelisting specific IP addresses (yours) and blocking all others globally in .htaccess
            #3 Be sure to have the Super Admin user IDs inputted in the 'undeletable/unalterable' user section of the includes/config.php file
            #4 Admins need a very robust password. I use LastPass to generate a long password w/ special and alphanumeric characters. My passwords look like a syntax error. A good password for a webmaster should look something like = 7hH^q#UY11vp(G4*L;
            #5 Enforce mandatory password changes at very short intervals. Almost to the point where it becomes an annoyance.
            #6 Understand Filesystem permissions
            #7 Consider transitioning to SSL

            Hackers are using PERL script to extract the MD5 hash from Admin accounts. They then dump them into an online decoder and wait. The longer and more complex the password, the longer the wait. Sometimes the decoder will fail to decrypt. However, this won't do much of anything if they can't access the styles and templates / Usergroups in the SuperAdmin CP.
            Last edited by LS1Goat; 06-19-2016, 06:13 PM.
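
Added example (not part of the thread, and not code from any poster or from vBulletin): the salted MD5 hashes discussed above are cheap to guess against once a database is dumped, so this sketch wraps each stored hash in PBKDF2 without needing the users' passwords. The `md5(md5(password) + salt)` layout, the field names, the sample record and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_hash(password: str, salt: str) -> str:
    """Assumed legacy layout: md5(md5(password) + salt), hex encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def wrap_legacy(legacy_hex: str, new_salt: bytes) -> bytes:
    """Wrap a stored legacy hash in PBKDF2 without knowing the password."""
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), new_salt,
                               PBKDF2_ITERATIONS)


def migrate_row(row: dict) -> dict:
    """Offline step: replace the bare MD5 value so a dump no longer holds it."""
    new_salt = os.urandom(16)
    return {"user": row["user"], "scheme": "pbkdf2-wrapped-md5",
            "legacy_salt": row["salt"], "salt": new_salt,
            "hash": wrap_legacy(row["hash"], new_salt)}


def verify(row: dict, password: str) -> bool:
    """Login check against either scheme, compared in constant time."""
    if row["scheme"] == "legacy-md5":
        return hmac.compare_digest(legacy_hash(password, row["salt"]), row["hash"])
    candidate = wrap_legacy(legacy_hash(password, row["legacy_salt"]), row["salt"])
    return hmac.compare_digest(candidate, row["hash"])


def guess_cost(row: dict) -> int:
    """Approximate hash iterations paid per password guess against a dump."""
    return 2 if row["scheme"] == "legacy-md5" else 2 + PBKDF2_ITERATIONS


# Constructed sample record, not data from the breach.
OLD_ROW = {"user": "demo", "scheme": "legacy-md5", "salt": "a1B",
           "hash": legacy_hash("mustang1965", "a1B")}
NEW_ROW = migrate_row(OLD_ROW)

if __name__ == "__main__":
    print(verify(NEW_ROW, "mustang1965"), verify(NEW_ROW, "wrong"))
    print(guess_cost(OLD_ROW), "->", guess_cost(NEW_ROW))
```

Wrapping protects the rows at rest immediately; on each user's next successful login the record can then be rehashed directly from the password with the slow function alone.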


            • #7
              Originally posted by LS1Goat View Post
              #5 Enforce mandatory password changes at very short intervals. Almost to the point where it becomes an annoyance.
              On non-critical systems I think this is the cause of a lot of simple passwords for those that don't use a generator.


              • #8
                When the government pays, the government controls.


                • #9
                  Originally posted by 46Tbird View Post
                  Most sites require special characters now, and do not allow for that many characters. That's what I don't understand; if all you did was change the commonly changed letters with other characters, it's barely more complex. I'm guessing people are still using the same simple passwords but are tricking them up a tad.

                  I have safeincloud, and will probably switch to last pass. That being said, corral and dfwm have the same password. XD

                  Sent from my HTC 10 using Tapatalk


                  • #10
                    Originally posted by Broncojohnny View Post
                    My corral account that I have for over 15 years has been hacked. Those faggots at Autoguide could fuck up a wet dream.
                    Several days ago they reset EVERYONE's passwords. You should have got an email. I didn't. And now it won't let me change my password since it is linked to my yahoo account. Can't access yahoo since I am in Niger and on a different IP than they have ever seen me on....and they can't text the code to me since I am not on my cell on file with them. It's a mess. Not that I will miss logging into Corral for another month.
                    Fuck you. We're going to Costco.


                    • #11
                      Originally posted by KBScobravert View Post
                      Several days ago they reset EVERYONE's passwords. You should have got an email. I didn't. And now it won't let me change my password since it is linked to my yahoo account. Can't access yahoo since I am in Niger and on a different IP than they have ever seen me on....and they can't text the code to me since I am not on my cell on file with them. It's a mess. Not that I will miss logging into Corral for another month.
                      I just got a new password to DFWStangs, though I haven't been there in a good long while, I'd expect you all to be seeing the same.
