Mega-hacks affecting tens of millions of people are now occurring with depressing regularity.
The latest hack is a breach of VerticalScope, which is responsible for more than 1,000 popular websites and forums, including AutoGuide.com, Motorcycle.com, and PBNation.com
More than 1,100 websites have been affected by the hack — with nearly 45 million user accounts stolen, according to LeakedSource, a website that tracks hacks and data dumps.
The passwords were encrypted, according to LeakedSource, “but less than 10% of the domains which account for a very small amount of leaked records used difficult to break encryption.” As a result, LeakedSource — and potentially others — have been able to crack the passwords.
The data taken apparently includes email addresses, encrypted passwords, usernames, and IP addresses. Hacks like these that expose people’s passwords are dangerous because they can lead to further hacks and account takeovers elsewhere.
This is because the majority of people, despite what security experts advise, reuse passwords across multiple websites and platforms. This means that if one services they use is compromised, then hackers can cross-reference try and use the email address and passwords exposed in the breach on other platforms.
We’ve had a stark illustration of this recently following the publication of data taken in historic hacks on LinkedIn and MySpace. In both cases, tens of millions of users’ account details were taken, and hackers have now been using these logins to hijack the Twitter accounts of celebrities and public figures. Everyone from Drake to Mark Zuckerberg has been affected.
So if you’re reusing passwords, change them now — before it’s too late.
VerticalScope also discussed the hack with ZDNet, with VP of corporate development Jerry Orban saying in a statement:
We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.