June 16, 2016

45 Million Login Credentials Stolen from Over 1000 Websites

Troves of records from data breaches just do not know when to quit. Some 45 million logins from over 1100 websites and popular forums, including the likes of motorcycle.com and Techsupportforum.com, have been leaked. Several popular websites running staggeringly outdated and vulnerable versions of the forum software vBulletin have predictably been breached. The hacking technique and the hacker are currently unknown.

LeakedSource, a resource and aggregator for stolen credentials from breached data, has revealed that usernames, passwords, email addresses and IP information of users were breached. The domains belonged to Verticalscope.com, with LeakedSource speculating that the latter’s network database may be interconnected with all compromised domains. It’s even possible that the data and credentials of users from Techsupportforum.com, MobileCampsites.com, Pbnation.com and Motorcycle.com were all stored on the same network. VerticalScope has since confirmed the breach.

A majority of the passwords from the 45 million user records (over 40 million of them) were hashed with salted MD5, an entirely insufficient cybersecurity measure. Fewer than 10% of the domains, which account for an even smaller amount of user credentials (less than 2 million), used better encryption techniques.

Predictably, most of the passwords are depressingly familiar. They include the likes of “123456” and “password”. Notably, some stick out for being predetermined automated passwords, such as “18atcskd2w” and “3rjs1la7qe”. The former was used by over 91,000 users and the latter had 74,806 takers.

All 41 million records contain an email address, username and a password along with the IP address. In some cases, a second password was also available. Although LeakedSource obtained and added this data trove in April, the resource only got around to analyzing it recently, with the results now available.

Suffice it to say, LIFARS recommends using unique, long passwords that are resistant to brute-force techniques as a good cybersecurity practice. This 11-year-old has the right idea.

Image credit: Pixabay.
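For site operators still holding salted MD5 password hashes like those described above, the sketch below shows one way to upgrade each record to scrypt the next time its owner logs in, and measures how much more each guess costs afterwards. It is an added example, not code from LeakedSource, VerticalScope or vBulletin; the record layout, the `md5-salted` label, the salt-then-password ordering and the scrypt parameters are assumptions.

```python
import hashlib
import hmac
import os
import time

# Assumed scrypt cost parameters for this example (about 16 MiB per hash).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_md5(password, salt):
    # Assumed legacy layout: a single fast MD5 over salt + password.
    return hashlib.md5(salt + password.encode()).hexdigest()

def scrypt_record(password, salt=None):
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"scheme": "scrypt", "salt": salt.hex(), "hash": digest.hex()}

def verify_and_upgrade(record, password):
    """Check a login. A correct password on a legacy record yields a scrypt record to store."""
    salt = bytes.fromhex(record["salt"])
    if record["scheme"] == "md5-salted":
        ok = hmac.compare_digest(legacy_md5(password, salt), record["hash"])
        return ok, (scrypt_record(password) if ok else record)
    if record["scheme"] == "scrypt":
        expected = scrypt_record(password, salt)["hash"]
        return hmac.compare_digest(expected, record["hash"]), record
    return False, record  # unknown scheme: reject

def cost_ratio(samples=3, rounds=20000):
    """How many times slower one scrypt hash is than one salted MD5 on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.scrypt(b"123456", salt=salt, **SCRYPT)
    slow = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    for _ in range(rounds):
        legacy_md5("123456", salt)
    fast = (time.perf_counter() - start) / rounds
    return slow / fast

if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
    old = {"scheme": "md5-salted", "salt": salt.hex(), "hash": legacy_md5("123456", salt)}
    ok, new = verify_and_upgrade(old, "123456")
    print(ok, new["scheme"], f"scrypt costs ~{cost_ratio():.0f}x more per guess")
```

The salt only stops precomputed tables from being reused across users; the per-guess cost of MD5 stays tiny, which is what the ratio makes visible.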

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
