Verticalscope hacked again: At least 2.7 million accounts compromised in second major data breach
Hackers were found selling access to Verticalscope.com and a number of other sites operated by the company, security expert Brian Krebs reported.
Hackers have once again targeted Verticalscope, a Canadian firm that manages hundreds of popular web discussion forums with over 45 million user accounts. The breach has compromised at least 2.7 million user accounts. The Toronto-based company runs a network of support forums and online community websites catering to a wide range of interests, from outdoor and automotive to sports and technology.
In June 2016, Verticalscope admitted that it had suffered a data breach that saw at least 45 million user accounts compromised and their data leaked in a blog post on Leakedsource.com.
The latest breach impacted six websites, including Toyotanation.com, Jeepforum.com – the company's second-most popular website – and Watchuseek.com, security expert Brian Krebs first reported.
Security researcher and founder of Hold Security, Alex Holden, notified Krebs last week that hackers were selling access to Verticalscope.com and a number of other sites operated by the company.
Holden initially suspected that a nefarious actor was just trying to resell data stolen in the 2016 breach.
"That was before he contacted one of the hackers selling the data and was given screen shots indicating that Verticalscope.com and several other properties were in fact compromised with a backdoor known as a 'Web shell'," Krebs wrote. "With a Web shell installed on a site, anyone can remotely administer the site, upload and delete content at will, or dump entire databases of information — such as usernames, passwords, email addresses and Internet addresses associated with each account."
The hackers reportedly obfuscated certain details in the screenshots, which allowed Holden to locate at least two backdoors on Verticalscope's website and Toyotanation.com, one of the company's most popular forums.
Krebs reported that a simple search on one of Verticalscope's compromised domains led to a series of Pastebin posts that have since been deleted "suggesting that the individual(s) responsible for this hack may be trying to use it to advertise a legally dicey new online service called LuiDB".
"Similar to Leakedsource, LuiDB allows registered users to search for account details associated with any data element compromised in a breach — such as login, password, email, first/last name and Internet address," Krebs noted. "The first search is free, but viewing results requires purchasing a subscription for between $5 and $400 in Bitcoin."
"The intrusion granted access to each individual website files," Verticalscope said in a statement to Krebs. "Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access."
The company did not provide any details regarding when and how the attack took place or who carried out the hack. IBTimes UK has reached out to Verticalscope for further details.