45 Million Accounts Hacked At Some Of The Biggest Car Forums

 

We were not hacked, Vertical Scope was.

 

Thanks boss

 

Search the Site Search

• About Us
• Our Verticals
• Our Solutions
• Careers
• Contact Us

Home

Notice of Data Breach



You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you.

What Happened?

On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.

What Information Was Involved?

Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.

What We Are Doing

We are in the process of invalidating passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We are in the process of implementing stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.

VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.

What You Can Do

To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.

For More Information

If you have any questions, please feel free to contact our Community Management team by email at cmsupport@verticalscope.com or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have.

 

The Chrysler Mini Van Fan Club forum was among those hacked. Supposedly they sent me an email with a new password. I never got the email, can't log on, and when I try to click on the "forgot my password" link, they tell me my email address is not valid! It's the same one I've had for years, and the same one I used to sign up with! I sent the site admin a message, I'll see what they can do.
I love technology!

 

What I find disturbing is that Vertical Scope waited 4 months before informing their user base of a data breach in their servers. Instead, they chose to keep the data breach quiet ...presumably so as not to cause alarm or a disruption in user traffic that could effect their ad revenue.

Not until the news reports surfaced, due to Leaked Source scoring and posting one of the largest online database breaches in history, did Vertical Scope finally disclose to their users that some of their personally identifying data had been stolen some four months prior.

This conclusion is evidenced in the tricky way Vertical Scope very carefully worded the disclosure... "On June 13, 2016, we became aware that February 2016 data stolen from Vertical Scope was being made available online." A quick cursory reading of this sentence implies that Vertical Scope just found out about the data breach, but a careful reading reveals that Vertical Scope just found out about the stolen data being published online. This disclosure, worded in this manner, suggests that Vertical Scope already knew the data was stolen, but didn't say anything about until they found out that the previously stolen data was now made public.

How long does it take to download 45,000,000 complete user data base record profiles? More than likely, enough time for any IT professional to observe that something was not quite right with the web traffic on that HUGE data dump. And THAT is when Vertical Scope should have disclosed to their customers that there was a data breach that could compromise their email addresses, chosen passwords, online forum identities, and IP addresses.... rather than carrying on business as usual.

By not disclosing the data breach near to the time when it happened, Vertical Scope denied the users an opportunity to react quickly to protect themselves. By waiting for four months, until independent news reports confirmed the public disclosure of the data, the users were unknowingly exposed for much longer than they would have been had Vertical Scope acted responsibly.

If Vertical Scope argues with this hypothesis and claims that they had no idea that a remote computer downloaded and copied over 45 MILLION records off of their servers, then again, for different reasons, Vertical Scope acted irresponsibly in their IT management and in the custodianship of the private user data required of their members, data that their sign up agreement states that they will not disclose.

I hope that Internet Brands manages their IT infrastructure more responsibly than Vertical Scope. But more importantly, I hope that Internet Brands will have the integrity to disclose any data breach, especially one of this magnitude, without waiting four months for the data to make the rounds through underground stolen data miners throughout the world. I hope that IB proactively and voluntarily informs their users of such breaches, out of respect for the members that build the content on IB websites, rather than wait until a tidal wave of news media reports forces their hand into an admission.

I understand that any computer can be hacked, no matter how secure. What I want from a website I participate in is transparency about such attacks. To not do so may or may not be a breach of any user agreement... but it is a breach of fundamental trust. That is why I will no longer participate in forums managed by Vertical Scope.

Of course I will not be missed... but at least I will not be misled.

 

Sadly ALL polices on this type is situation are based on the bottom line.

 

Has any server of Ford Truck Enthusiasts ever been hacked in the last five years?

 

I have been here for almost three years, and it has not been hacked in my time here.