Support Forum Provider Hacked

Thursday, June 16, 2016 @ 03:06 PM gHale


A company that runs multiple support forums suffered a data breach in February after an attacker stole over 45 million user records from its database.

The victim is VerticalScope.com and the records, which data breach indexing site LeakedSource acquired and analyzed, contain details from over 1,100 tech support portals VerticalScope is running on different domains.

RELATED STORIES
Hacker Leaks Records in Protest
Hacking into a Hacker’s Character
Random Numbers could Hike Security
Security Software? Think Again

LeakedSource said the largest amount of data comes from sites such as Techsupportforum.com, MobileCampsites.com, Pbnation.com, and Motorcycle.com.

There are no clues on who was behind the data breach, but LeakedSource said the incident took place in February.

VerticalScope confirmed the breach, after LeakedSource’s staff got ahold of the data April 27.

For each record they discovered an email address, a username, an IP address, one or two passwords, LeakedSource said. Not all records contain all the details for each user.

“Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” a LeakedSource researcher said in a blog post.

It also appears 90 percent of the information ended up protected with the MD5 hashing algorithm. MD5 is vulnerable to simple collision attacks, and passwords hashed with MD5 are easy to break.

The MD5 passwords also ended up salted. The rest of the passwords ended up stored using various encryption algorithms, some of which are hard to break and considered safe to use.