Other Automotive Forums Hacked!

muddkatt · July 29, 2016

I received this email tonight and thought others would be interested if they have an account there:

Important information about your VerticalScope account

[email protected]
Today at 9:26 PM

To

Message body

Notice of Data Breach

You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you. VerticalScope owns and operates a number of community websites. You are receiving this email because you are a registered user of the following community website(s) involved in the data breach:
www.toyotanation.com
www.3800pro.com
www.impalassforum.com
www.hotrodders.com
www.hotrodders.com

What Happened?

On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.

What Information Was Involved?

Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.

What We Are Doing

We have invalidated passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We have implemented stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.

VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.

What You Can Do

To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.

For More Information

If you have any questions, please feel free to contact our Community Management team by email at [email protected] or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have. A Notice of Data Breach is also available on community websites involved in the data breach.