Another day, another hack. And while the target might not be as well-known as Sony or Anthem Blue Cross, the VerticalScope hack could have exposed personal information for an estimated 45 million users on 1,100 online forums.
What does this mean for the users involved, for VerticalScope, and the hackers? Let's take a look.
Interconnected and Unsafe
First, a little background on VerticalScope, which runs online shopping and sports forums like AutoGuide.com, PetGuide.com, TopHosts.com, Motorcycle.com, and PBNation.com (PB as in paint ball). VerticalScope runs over one thousand such sites with an estimated 45 million users. The company denied the hack to ZDNet, saying only, "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies."
However, LeakedSource.com (a website that tracks hacks, and, owing to the inability to pull up their site, might themselves have been hacked) report that tens of millions of email addresses, encrypted passwords, usernames, and even IP addresses may have been stolen. It is "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale," the group said.
As with other recent hacks, this stolen user information can be used to create false accounts, access other accounts, or hijack social media accounts. So if you've had an account on any of VerticalScope's websites or forums, now's the time to change all of your passwords -- it helps to have different passwords for different accounts, but if you tend to use the same password for everything, you could be especially vulnerable.
So far, it doesn't appear that any of the VerticalScope user information is for sale on the dark web, which is a good thing. And the company is beefing up its cybersecurity in response:
We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.