Hackers have stolen information relating to around 45 million accounts from VerticalScope, a Canadian media company that runs numerous support forums on various topics. Over 1,000 support forums and online community websites on home, tech and sports have been breached as a result of the hack, leaving millions of users' records exposed.
The massive breach took place in February but is coming to light only now, thanks to data breach cataloguing site LeakedSource, which got hold of the data and recently analysed it. Popular domains such as Techsupportforum.com, MobileCampsites.com, Pbnation.com and Motorcycle.com were among the sites affected by the breach. So far, however, the stolen data does not appear to have been put up for sale on the dark web.
LeakedSource said: "Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale. Passwords were stored in various encryption methods but less than 10% of the domains which account for a very small amount of leaked records used difficult to break encryption (less than a couple of million). Most of the records (over 40 million) were just MD5 with salting and this is insufficient."
VerticalScope acknowledged the hack, without confirming it outright, adding that it was currently investigating the breach. However, the company has yet to make any public announcements in relation to the hack.
The company's vice president of corporate development Jerry Orban told ZDNet: "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies. We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities."
Most of the forums affected by the hack were found to have poor security, including weaker password encryption. Some of the sites failed to offer the now-common HTTPS site encryption, which is designed to prevent cybercriminals from intercepting usernames and passwords in transit.
The identity of the perpetrators of the hack is still unknown. However, LeakedSource has confirmed that the hack is "not related" to the recent slew of data breaches that affected tech giants like LinkedIn, MySpace and Tumblr.