45 Million Records Stolen from Over 1,100 Websites

45 Million Records Stolen from Over 1,100 Websites

June 15, 2016         Written By John H. Oldshue

Hackers have stolen 45 million records from 1,100 websites that were hosted by VerticalScope, according to LeakedSource.

The stolen information includes the usernames, passwords, email addresses or IP addresses of more than 45 million members of car, sports and tech sites.

“This data set contains nearly 45 million records from over 1100 websites and communities,” LeakedSource wrote. “Each record may contain an email address, a username, an IP address, one password and in some cases a second password.”

All of the breached websites are run by VerticalScope, a Canadian company that owns and operates 480 online communities, content portals and e-newsletters, according to the company’s website.

Jerry Orban, VerticalScope’s VP of corporate development, confirmed the possible breach in an email to Motherboard. He said the company is “aware of the possible issue” and is investigating and providing data for law enforcement.

“We believe that any potential breach is limited to usernames, user ids, email addresses, and encrypted passwords of our users,” Orban wrote.

While the passwords may have been encrypted, LeakedSource, which has gained notoriety in recent weeks for selling data stolen from LinkedIn, MySpace and Twitter, said that they were able to crack 74% of the stolen passwords, approximately 33 million. Most of the sites used a weak algorithm, MD5, to hash and encode the passwords.

If these number are accurate, this is one of the largest data breaches ever.

LeakedSource said that, not only were the passwords weakly protected, VerticalScope must also have saved all of its data on a limited number of servers.

“Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” LeakedSource said.

For its part, Orban said in a statement that the company is “reviewing our security policies and practices and […] implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”

While the hackers have not been identified, LeakedSource said the breach occurred in February 2016.



The information contained within this article was accurate as of June 15, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


john-oldshue

About John H. Oldshue

John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.
View all posts by John H. Oldshue
Featured Low Interest Card
Top Features : 1.25X miles on every purchase; no annual fee; bonus of 20,000 miles once $1,000 is spent in first 3 months
Featured Cash Back Card
Top Features : No Annual Fee, Bonus Offer, Cash Back
Featured No Annual Fee Card
Top Features : Earn cash back twice. 1% when you buy plus 1% as you pay; 0% APR for 18 months on balance transfers
Featured Bad Credit Card
Top Features : No Annual Fee; Cash Back match at the end of your first year; Social Security Alerts
Featured Fair Credit Card
Top Features : No annual fee; access to higher credit line after making first 5 monthly payments on time
Featured Limited/No Credit
Top Features : No annual fee; reports to major credit bureaus; access to higher credit line after making first 5 monthly payments on time