Digital Corvettes hacked

JPhil

Huh?
Joined
Mar 26, 2008
Messages
1,361
Location
Loveland, Colorado, USA
I just got this on my work e-mail, thought I'd pass it along......

Notice of Data Breach
You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you. VerticalScope owns and operates a number of community websites. You are receiving this email because you are a registered user of the following community website(s) involved in the data breach:

www.gixxer.com
www.digitalcorvettes.com

What Happened?
On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.
What Information Was Involved?
Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.
What We Are Doing
We have invalidated passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We have implemented stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.
VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.
What You Can Do
To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.
For More Information
If you have any questions, please feel free to contact our Community Management team by email at [email protected] or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have. A Notice of Data Breach is also available on community websites involved in the data breach.

This email was sent by VerticalScope Inc., 111 Peter Street, Suite 700, Toronto,
 
Hopefully the password were in hashed form, and thus cannot be used directly to log onto user's account.
 
I fail to see what sort of good that info could do someone.....so they have say my password, so what?? the sites don't have any info on my SS# or bank accounts......so they know my name so what?? seems like useless information to me......
 
I fail to see what sort of good that info could do someone.....so they have say my password, so what?? the sites don't have any info on my SS# or bank accounts......so they know my name so what?? seems like useless information to me......
First they don't have the actual password, just the hashed password, won't go into detail but it's not usable right away.
What's important are the email addresses, they probably got sold to some spammers.
IPs could also be exploited, at least for those that are static.
I think you could also enter you Skype id in you user info, that also can be sold to scammers.
 
Top