
Data breach on car related forums/sites

Started by Troy, September 12, 2016, 09:47:57 AM


Troy

I found a message in my Spam filter this morning but it sounded legit so I checked it out. There has been a data breach at a large company that specializes in automotive web sites. About 45 million accounts were affected and the data has been made available. The company has been sending emails but due to the massive amount it seems they've been getting caught as spam and/or blacklisted (how's that, you can't even warn people without being flagged as a bad guy).
http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/

Since it's hard to know which sites belong to this company I found a list:
http://www.verticalscope.com/automotive/site-list.html

Turns out I'm a member on 7 of them! Most have implemented a mandatory password reset. More importantly, if you use the same user name and password for all the sites you're on you need to change them all.

Troy
Sarcasm detector, that's a real good invention.

charger_fan_4ever


DixieRestoParts

Dixie Restoration Parts
Ball Ground, Georgia
Phone: (770) 975-9898
Phone Hours: M-F 10am-6pm EST
mail@dixierestorationparts.com
Veteran owned small business

The Best Parts at a Fair Price

69bronzeT5

Feature Editor for Mopar Connection Magazine
http://moparconnectionmagazine.com/



1969 Charger: T5 Copper 383 Automatic
1970 Challenger R/T: FC7 Plum Crazy 440 Automatic
1970 GTO: Black 400 Ram Air III 4-Speed
1971 Charger Super Bee: GY3 Citron Yella 440 4-Speed
1972 Charger: FE5 Red 360 Automatic
1973 Charger Rallye: FY1 Top Banana 440 Automatic
1973 Plymouth Road Runner: FE5 Red 440 Automatic
1973 Plymouth Duster: FC7 Plum Crazy 318 Automatic

polywideblock

none of the above    :2thumbs: thanks for posting    :cheers:


  and 71 GA4  383 magnum  SE

Lennard

This is the only car forum I'm on and it's not on the list so I'm safe. :chatting:

tan top

Quote from: polywideblock on September 12, 2016, 03:59:59 PM
none of the above    :2thumbs: thanks for posting    :cheers:

Me too, good info! Thanks for posting  :cheers:
Feel free to post any relevant picture you think we all might like to see in the threads below!

Charger Stuff 
http://www.dodgecharger.com/forum/index.php/topic,86777.0.html
Chargers in the background where you least expect them 
http://www.dodgecharger.com/forum/index.php/topic,97261.0.html
C500 & Daytonas & Superbirds
http://www.dodgecharger.com/forum/index.php/topic,95432.0.html
Interesting pictures & Stuff 
http://www.dodgecharger.com/forum/index.php/topic,109484.925.html
Old Dodge dealer photos wanted
http://www.dodgecharger.com/forum/index.php/topic,120850.0.html

Drache

It's not just car websites. I got the same email but it was for a motorcycle forum I was a member of.
Dart
Racing
Ass
Chasing
Hellion
Extraordinaire

440

None of those forums here  :2thumbs:

It's refreshing to know this site is a tight ship. Not having ads makes things more secure I'm sure. Do we have bots that troll this forum?

Thanks Troy.

Drache

Quote from: 440 on September 13, 2016, 02:06:14 AM
None of those forums here  :2thumbs:

It's refreshing to know this site is a tight ship. Not having ads makes things more secure I'm sure. Do we have bots that troll this forum?

Thanks Troy.

Almost all public forums have some type of "bot". Google is one of the most notorious for bots.

Also ads aren't a big issue when it comes to things like this.

Breaches like this are caused by hacking either the forum software itself (vBulletin for example, which has been hacked a few times in the past) or hacking hosting companies for unknown reasons.
Dart
Racing
Ass
Chasing
Hellion
Extraordinaire

garner7555

It's not on the list, but the protouringmopar.com forum was acting strange a few weeks ago and now it doesn't exist anymore.    :shruggy:    Not sure if it's connected to this or not.   Thanks for the info Troy.
69 Charger 440 resto-mod

Troy

Quote from: 440 on September 13, 2016, 02:06:14 AM
None of those forums here  :2thumbs:

It's refreshing to know this site is a tight ship. Not having ads makes things more secure I'm sure. Do we have bots that troll this forum?

Thanks Troy.
Definitely! Except "troll" is the wrong word for what we have. The easiest to identify are the ones that register new accounts. We get 6-15 of these per day. Sadly, most of these come from commercially available "SEO" software. Essentially it creates accounts on forums then posts links to whatever site they're trying to boost. Google and other search engines rank a site (partially) based on how many times it is referenced around the web. Some of them will post SPAM or porn. This is why I have to personally approve every new account. It's annoying and time consuming but necessary.

Then there are the "brute force" attacks. The forum is constantly bombarded with requests for invalid pages and/or ones that have known vulnerabilities. Then there are the attacks on the web server itself looking for unsecured scripts or test pages that have been left open. Lastly there are port scans and attacks on any open services. Most all of these can be caught/blocked rather quickly using scripts OR by identifying the origin of the attack and refusing connections from the entire network. This is why the site may not work when you're traveling to certain countries (Russia, Ukraine, China, Philippines, Korea, Moldova, etc.). If I had the money I'd pay for better firewalls so they wouldn't even get that far.

Troy
Sarcasm detector, that's a real good invention.
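
The kind of blocking script Troy describes above can be sketched as follows. This is an added example, not part of the original post and not the forum's actual script; the log format (Common Log Format), the /24 grouping, the threshold, the function name and the sample lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample access-log lines. Addresses come from the RFC 5737
# documentation ranges and the paths are made up.
SAMPLE_LOG = """\
192.0.2.5 - - [13/Sep/2016:02:10:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [13/Sep/2016:02:10:01 +0000] "GET /forum/old-topic.html HTTP/1.1" 404 210
203.0.113.7 - - [13/Sep/2016:02:10:05 +0000] "GET /forum/old-topic.html HTTP/1.1" 404 210
203.0.113.7 - - [13/Sep/2016:02:10:09 +0000] "GET /forum/old-topic.html HTTP/1.1" 404 210
198.51.100.21 - - [13/Sep/2016:02:11:00 +0000] "GET /test.php HTTP/1.1" 404 210
198.51.100.21 - - [13/Sep/2016:02:11:01 +0000] "GET /phpinfo.php HTTP/1.1" 404 210
198.51.100.77 - - [13/Sep/2016:02:11:02 +0000] "GET /admin/setup.php HTTP/1.1" 404 210
this line is damaged and must be skipped
"""

# client address, identd, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def networks_to_block(log_text, threshold=3, prefix=24):
    """Return networks that requested at least `threshold` distinct missing pages.

    Counting distinct paths (not raw hits) keeps a visitor who retries one
    dead bookmark from looking like a scanner probing many pages.
    """
    missing = defaultdict(set)  # network -> set of paths answered with 404
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unparsable line: ignore rather than guess
        address, _method, path, status = match.groups()
        if status != "404":
            continue
        try:
            network = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
        except ValueError:
            continue  # first field was a hostname or garbage, not an address
        missing[network].add(path)
    return sorted(str(net) for net, paths in missing.items()
                  if len(paths) >= threshold)

if __name__ == "__main__":
    for net in networks_to_block(SAMPLE_LOG):
        print("candidate for firewall deny rule:", net)
```

Grouping by network is what makes the two 198.51.100.x hosts count together, and it is also why a whole country's address ranges can end up refused, as the post notes.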

JB400

Thanks for the heads up. :cheers:  Luckily, I wasn't on any of them.

67Charger440

Hobbyist car-guy forums are a waste of time for these guys...  None of us have any money left to steal!  :2thumbs:

ws23rt

Thanks for the heads up.  I am on one of them but haven't signed in on it in months. :2thumbs:

odcics2

Quote from: Troy on September 12, 2016, 09:47:57 AM
I found a message in my Spam filter this morning but it sounded legit so I checked it out. There has been a data breach at a large company that specializes in automotive web sites. About 45 million accounts were affected and the data has been made available. The company has been sending emails but due to the massive amount it seems they've been getting caught as spam and/or blacklisted (how's that, you can't even warn people without being flagged as a bad guy).
http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/

Since it's hard to know which sites belong to this company I found a list:
http://www.verticalscope.com/automotive/site-list.html

Turns out I'm a member on 7 of them! Most have implemented a mandatory password reset. More importantly, if you use the same user name and password for all the sites you're on you need to change them all.

Troy


Thanks for the heads up. Looks like mostly the newer Mopars are involved..
I've never owned anything but a MoPar. Can you say that?