Hackers hack into 1100 websites and steal over 45 million user ids and passwords
In a blog post Tuesday, the website LeakedSource revealed that a hacker has stolen information belonging to almost 45 million accounts across over a thousand popular forums, which host car, tech, and sports communities.
The leak affects websites operated by VerticalScope, a Toronto-based media company that runs a large number of online communities, and includes big-name sites like AutoGuide.com, Motorcycle.com and Techsupportforum.com. The data includes usernames, email addresses, IP addresses, and passwords.
LeakedSource says that for each record they found an email address, a username, an IP address, and one or two passwords. However, not all records have the details for each user.
“Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” a LeakedSource representative explained.
Jerry Orban, vice-president of corporate development, said in an email to Motherboard, “We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies.”
He further added, “We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”
According to LeakedSource, the hack was executed in February 2016. LeakedSource has gained disrepute in recent years after hosting data purloined in a number of high-profile hacks, including myspace.com and LinkedIn.com.
According to LeakedSource’s analysis of the leaked passwords, around 90 percent (over 40 million) were protected with the MD5 hashing algorithm. MD5 is vulnerable to simple collision attacks, and passwords hashed with MD5 are simple to break.
The MD5 passwords were also salted. The rest of the passwords were stored using various encryption algorithms, some of which are hard to break and considered safe to use.
However, LeakedSource says that it was able to crack 74% of the stolen passwords. According to the site, “123456” topped the chart with 150,852 occurrences, followed by “18atcskd2w”, with “password” in third place.
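MD5 is fast to compute, so a per-user salt does little to slow guessing of any single password. As an added example (not code from VerticalScope, LeakedSource or the original article), the Python below verifies a record in an assumed legacy layout, md5(salt + password), and replaces it with PBKDF2-HMAC-SHA256 on the next successful login; the record layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Assumption: work factor picked for this example; tune to your own hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_md5_record(password, salt):
    """Record in the weak legacy format (assumed layout: md5(salt + password))."""
    digest = hashlib.md5(salt + password.encode("utf-8")).digest()
    return {"scheme": "md5", "salt": salt, "hash": digest}


def pbkdf2_record(password, salt=None):
    """Record in the hardened format: PBKDF2-HMAC-SHA256, random salt by default."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"scheme": "pbkdf2", "salt": salt, "hash": digest}


def _recompute(record, password):
    """Hash the candidate password the same way the stored record was built."""
    if record["scheme"] == "md5":
        return legacy_md5_record(password, record["salt"])["hash"]
    if record["scheme"] == "pbkdf2":
        return pbkdf2_record(password, record["salt"])["hash"]
    raise ValueError("unknown scheme: %r" % record["scheme"])


def verify_and_upgrade(record, password):
    """Return (ok, record); a legacy record is replaced after a correct login."""
    ok = hmac.compare_digest(_recompute(record, password), record["hash"])
    if ok and record["scheme"] == "md5":
        # Only now is the plaintext available, so re-hash it with the slow KDF.
        record = pbkdf2_record(password)
    return ok, record


if __name__ == "__main__":
    # Constructed sample account, not data from the breach.
    stored = legacy_md5_record("correct horse battery", b"constructed-salt")
    for attempt in ("wrong guess", "correct horse battery"):
        ok, stored = verify_and_upgrade(stored, attempt)
        print(attempt, "->", ok, stored["scheme"])
```

Accounts that never log in again keep their MD5 record, so a migration like this is usually paired with a forced reset for dormant users.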
To confirm if your data has been compromised, click on this link, and remove it. If you find your data in the database, change your passwords immediately. Ensure that you are not using the same passwords on other sites that you have used on the leaked sites.