According to reports, a hacker has stolen 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company that owns properties like HTCFlyerforums, TopHosts, Galaxy S2Forums, and DigitalHome. On its website, the company boasts 84 million unique visitors monthly and 540 million page views monthly.
“We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users,” Jerry Orban, vice-president of corporate development, told the publication in an email. “In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”
Breach notification site LeakedSource.com said that the scale of data taken is greater than suggested. “It’s likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale,” the group said.
Reportedly, domains in a sample database of leaked information — which included stolen emails, passwords, and the site the information was taken from — obtained by LeakedSource and provided to ZDNet showed that none of the domains offered even basic HTTPS website encryption. The latter would prevent usernames and passwords from being intercepted. The forums also appeared to use outdated forum software, some dating back to 2007 and were running on software easily exploitable to hackers.
The company has issued a statement today that urges users to reset their password and that it has taken measures to strengthen its password policies.