45 million creds leak from popular .com forums

mysticsniper · 16 Jun 2016 at 09:07

Some 45 million logins for 939 popular sites including motorcycle.com, autoguide.com, and mothering.com have been stolen.

The method of attack and actor responsible is unknown, although many of the sites ran a vastly outdated and hackable versions of vBulletin.

Usernames, email addresses, IP information, and passwords are breached.

"Most of the records (over 40 million) were just MD5 with salting and this is insufficient."

Popular passwords included the regular shockers, along with a scattering of seemingly randomised strong codes. The second most popular password was '18atcskd2w' used by 91,103 accounts, with '3rjs1la7qe' coming in fourth spot used by 74,806 accounts.

More information can be found here - https://www.leakedsource.com/blog/verticalscope

The mind boggles how owners of these sites can use such weak hashes and not patch system vulnerabilities :rolleyes:

I'm sure OcUK don't make these huge mistakes

mysticsniper · 16 Jun 2016 at 13:28

nipnosis said:
This situation seems to be happening more and more, can't people just leave other peoples stuff alone haha!

Everyone makes it easy for them, not patching systems and using weak/ outdated ciphers, is just as bad as users re-using non-complex passwords on different sites; they're all asking for trouble.

mysticsniper · 17 Jun 2016 at 08:39

Looks like the popular github site has been breached as well now

http://thehackernews.com/2016/06/github-password-hack.html

Glaucus said:
this is where lastpass comes in.
the second and fourth passwords are a bit odd.
any tech blogs that have tried explaining that yet.

Those are the passwords used by the bots, look up near the start of the thread

45 million creds leak from popular .com forums

mysticsniper

mysticsniper

mysticsniper

mysticsniper

mysticsniper

mysticsniper