45 Million Accounts Hacked At Car Forums - Autoguide and others

#1 · (Edited)
45 Million Accounts Hacked At Car Forums - Solsticeforum and others

Never hurts to change your password

45 Million Accounts Hacked At Some Of The Biggest Car Forums

Visitors to many popular car, sports and tech websites including VWVortex, The Truth About Cars, Pirate 4x4, Focus Fanatics, EvoXForums, and AutoGuide should change their passwords ASAP, reports ZDNet. 45 million accounts hosted on VerticalScope’s 1,100 sites have been compromised by hackers.

[Full disclosure: I’ve done some freelance work for The Truth About Cars before, so yep, I’ve got to change my password, too.]

Experts at LeakedSource, a breach notification website, believe that VerticalScope, which owns sites like VWVortex and TTAC, may have stored too much data in one or several connected servers. The volume of data cracking one server may have given hackers access to several others, as they say, “there is no other way to explain a theft on such a large scale.”

Furthermore, a database sample given to ZDNet shows passwords that were hashed and salted with MD5, an obsolete method that is now too easy to decipher. In addition to passwords, email addresses, the site visited and a user’s IP information (which can sometimes be used to determine location) are all listed in conjunction with the usernames that were compromised.

Lack of HTTPS encryption and the use of vulnerable older versions of the vBulletin forum software were other weaknesses in VerticalScope sites noted by ZDNet. So far, they note, the data has not appeared for sale on the dark web.
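
An added illustration, not part of the original post or the quoted article: why the storage scheme matters more than the password rules debated in this thread. It compares the cost of one hash under salted MD5 with a deliberately slow KDF and scales that to two password policies. The `salt + password` layout, the PBKDF2 work factor and the alphabet sizes (62 and 94) are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

def salted_md5(password: str, salt: bytes) -> str:
    # Single fast pass. The salt||password layout is an assumption; the page
    # does not give the forum software's exact construction.
    return hashlib.md5(salt + password.encode()).hexdigest()

def pbkdf2_sha256(password: str, salt: bytes, iterations: int = 600_000) -> str:
    # Deliberately slow KDF; the iteration count is an example work factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def verify(scheme, password: str, salt: bytes, stored: str) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(scheme(password, salt), stored)

def seconds_per_hash(scheme, rounds: int) -> float:
    # Average cost of one hash on this machine, i.e. the price of one guess.
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / rounds

def keyspace(length: int, alphabet: int) -> int:
    # Upper bound: every string of this length over this alphabet.
    return alphabet ** length

def years_to_cover(length: int, alphabet: int, cost: float) -> float:
    return keyspace(length, alphabet) * cost / (365 * 24 * 3600)

if __name__ == "__main__":
    md5_cost = seconds_per_hash(salted_md5, 20_000)
    kdf_cost = seconds_per_hash(pbkdf2_sha256, 3)
    print(f"salted MD5 : {md5_cost:.2e} s/hash")
    print(f"PBKDF2     : {kdf_cost:.2e} s/hash ({kdf_cost / md5_cost:,.0f}x)")
    # 62 = letters + digits; 94 = printable ASCII without space (assumptions).
    for label, n, a in (("8 chars, letters+digits", 8, 62),
                        ("10 chars, all classes", 10, 94)):
        for name, cost in (("MD5", md5_cost), ("PBKDF2", kdf_cost)):
            print(f"{label:24} {name:7} {years_to_cover(n, a, cost):.2e} core-years")
```

A per-user salt prevents one precomputed table from covering every account, but it does nothing to the per-guess cost, which is what the slow KDF raises.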
 
#10 ·
OK, I just got email notification from the forum that my password had been changed by the admin, to some random string. When I sign in here today, I am presented with a screen that asks me for a new password, and contains the prompts:

Must be at least 10 characters
Must contain lower-case characters
Must contain upper-case characters
Must contain numbers
Must contain symbols

OK, sure, make us change the password, force it to be more than "password", but this is NOT the CIA. 8 characters with letters and numbers is more than adequate for this venue. Those of us with literally hundreds of passwords to manage will thank you.

c'mon guys...
 
#12 ·
A good thing to make a situation like this easier to handle is to write a protocol, so next time the team knows exactly what to do and can respond a lot swifter. Part of such a protocol is also to say sorry to your users (some of us even pay for this forum) because you messed up and explain the situation.
What a farce this is becoming. I guess a Canadian operation is not required to notify their users that their accounts have been hacked.

A simple apology, and an explanation would be nice, and could easily have been a part of the email they sent out with the changed passwords, but they're probably feeling overwhelmed right now.
 
#11 ·
Darn. I know that if someone gets a hold of GrandpaSolstice's password, he'll be able to use it along with $3 to get a Starbucks tall Caffe Latte, but having an "I have been hacked" excuse in my back pocket would have come in handy just in case I someday offend someone here.
 
#14 ·
I just changed mine too. At first I thought the email giving me a new temporary password was some kind of phishing expedition!
 
#19 ·
I received no notice from solsticeforum.com. Was only alerted to the issue because my password was no longer being accepted, then found this thread to shed some light on things. I went back into my "Deleted Items" folder to see if I had inadvertently deleted it - nope, no notice received. I ended up going through the "forgot password" process and had to enter a longer, more complex password, but at least I'm back in.
 
#17 · (Edited)
I changed mine also after they sent me theirs.
I also changed it on the SKYroadster site even though no email was received to do so.
I have not been to that site for about 3 years but figure I better change it there as well.
 
#18 ·
My password was changed for me while I was not paying attention to the email account I used for this forum.

... could not get in for a few hours until I remembered this thread, and looked in that email account...

I'm back in business now...
 
#22 ·
I did not receive an email either; like mentioned before, my password was no longer being accepted, so I did the lost password deal. Worked ok the first time, but had issues after that, but seems to be ok now.
 
#25 · (Edited)
Oh, I get it. If my site has a security breach, generate a new password for every member and send it to them in an unencrypted email message in plain text along with instructions on how to change it. And don't forget to include their login name just in case they have forgotten it. That sounds secure.
 
#26 ·
But only do that 4 months after the security breach and do not inform your (paying) users what is going on, not even when it is all over the web and the newspapers. Wait a few weeks more and only then post a message. But by no means admit you messed up or even say you are sorry. And after all this is over do not write a protocol to make sure you handle things better next time.
 
#27 ·
OK guys, this is still an issue. I just had to change my password again because I don't sign in often and I couldn't remember the convoluted password I came up with last time. Why the heck are we required to have such complex passwords for this place? As I said, isn't 8 characters with letters and numbers good enough?
 
#30 ·
IIRC members must change their password every 90 days. This is one way to provide greater security for your personal information. It has nothing to do with the frequency of logging into the forum.

Regarding the "complex passwords"....nearly every internet account I have requires (for your protection) the password to include a capital letter, a number, and some also require a character.
 