The hacked data was discovered by Leakedsource in February 2016. The leak contains data like email address, username, IP address and passwords. Leakedsource.com is a newer search engine that scours a online source including the dark web looking for data dumps and leaks.
The sport and Tronto-based website, VerticalScope, was hacked based on Leakedsource’s findings. At least 45 million records from around 1,100 sites where obtained and posted to the web.
VerticalScope obtains and grows websites and forums over a multitude of sports, automotive and outdoor activities. On the list of the dozens of websites possessed by the company are hotrodders.com, cadillacowners.com and motorcycle.com. Together the varied sites and forums have nearly 38 million registered members.
“Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” Leakedsource.com stated.
In a message on the VerticalScope site the company mentioned it’s made adjustments to its security measures as a result of the leak. The security additions include minimum password rules, warnings to users to avoid using the same password as on other websites and making users change passwords more often.
“We recently became aware of potential risks to community accounts (username, userid, encrypted password and email address) on many Forum online communities, including some owned and operated by VerticalScope,” said VerticalScope.
Leakedsource.com, claimed around 40 million of the discovered records used an MD5 hash generator with some salting. Among the most frequently found passwords in the data dump was 123456, password, 111111 and letmein.
“The following table shows the top passwords used by VerticalScope Network users. There seem to be a lot of automated registrations and you can easily see that they own many automobile forums.” Leaksource stated.