Someone Got Into 45 Million Accounts from Hundreds of Car, Tech, Sports Forums

Web Services // Toronto, Canada

A hacker has stolen accounts from more than a thousand forums, which host popular car, tech, and sports communities.

The stolen database contains records from websites hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums run by AutoGuide.com, PetGuide.com, Motorcycle.com and TopHosts.com.

Breach notification site LeakedSource.com said in a blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale."

Many of the forums ran outdated, vulnerable versions of vBulletin software dating back to 2007.

In a sample LeakedSource gave to ZDNet, the database shows email addresses, passwords that were hashed and salted with MD5 (an algorithm that nowadays is easy to crack), a user's IP address (which in some cases can reveal location), and the site that the record was taken from.

It is not clear who carried out the hack. A LeakedSource group member said it was "not related" to the recent breaches at MySpace, LinkedIn, and Tumblr.

VerticalScope didn't outright confirm the breach, but said it was investigating.

"We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," Jerry Orban, vice-president of corporate development, said in an email.

He added:

"We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities."