45 Million Login Credentials Stolen from Over 1000 Websites

Troves of records from data breaches just do not know when to quit. Some 45 million logins from over 1100 websites and popular forums, including the likes of motorcycle.com and Techsupportforum.com, have been leaked. Several popular websites running staggeringly outdated and vulnerable versions of the forum software vBulletin have predictably been breached. The hacking technique and the hacker are currently unknown.

LeakedSource, a resource and aggregator for stolen credentials from breached data, has revealed that usernames, passwords, email addresses and IP information of users were breached. The domains belonged to Verticalscope.com, with LeakedSource speculating that the company's network database may be interconnected with all compromised domains. It's even possible that the data and credentials of users from Techsupportforum.com, MobileCampsites.com, Pbnation.com and Motorcycle.com were all stored on the same network. VerticalScope has since confirmed the breach.

A majority of the passwords from the 45 million user records (over 40 million of them) were hashed with salted MD5, an entirely insufficient cybersecurity measure: MD5 is fast to compute, so a salt does little to slow down password guessing. Less than 10% of the domains, which account for an even smaller share of user credentials (less than 2 million), used stronger methods.

Predictably, most of the passwords are depressingly familiar. They include the likes of “123456” and “password”. Notably, some stick out as predetermined, automatically generated passwords, such as “18atcskd2w” and “3rjs1la7qe”. The former was used by over 91,000 users and the latter had 74,806 takers.

All 41 million records contain an email address, username and a password along with the IP address. In some cases, a second password was also available. Although LeakedSource obtained and added this data trove in April, the resource only got around to analyzing it recently, with the results now available.

Suffice to say, LIFARS recommends using unique, long passwords that are resistant to brute-force techniques as a good cybersecurity practice. This 11-year-old has the right idea.
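
On the site operator's side, the salted-MD5 storage described above can be retired without a forced reset by re-hashing each password with a slow key-derivation function at the next successful login. The sketch below is an added example, not code from the article, LeakedSource or VerticalScope; the `scheme$...` record layout, the `md5(salt + password)` legacy construction and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERS = 600_000  # assumed work factor; tune to your own hardware


def legacy_md5(password: str, salt: str) -> str:
    # Assumed legacy construction; the article does not say how the salt was combined.
    return hashlib.md5((salt + password).encode()).hexdigest()


def new_record(password: str) -> str:
    """Build a record 'pbkdf2$<iterations>$<salt hex>$<digest hex>' (assumed layout)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    return f"pbkdf2${PBKDF2_ITERS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either a legacy or an upgraded record."""
    scheme, *parts = record.split("$")
    if scheme == "md5" and len(parts) == 2:
        salt, digest = parts
        return hmac.compare_digest(legacy_md5(password, salt), digest)
    if scheme == "pbkdf2" and len(parts) == 3:
        iters, salt_hex, digest = parts
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), digest)
    return False  # unknown scheme: fail closed


def login(db: dict, user: str, password: str) -> bool:
    """Verify the login and upgrade weak or outdated records on success."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith(f"pbkdf2${PBKDF2_ITERS}$"):
        db[user] = new_record(password)  # the plaintext is only available here
    return True


if __name__ == "__main__":
    # Constructed sample store with one legacy salted-MD5 record.
    db = {"alice": "md5$x9Qk$" + legacy_md5("correct horse battery", "x9Qk")}
    print(login(db, "alice", "correct horse battery"), db["alice"].split("$")[0])
```

Accounts that never log in again keep their MD5 record, so a migration like this is normally paired with a cut-off date after which remaining legacy records are invalidated.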