It’s being attributed to “third party addin” or “outdated version”.
Nothing to see here, right?
I drilled down into the story and comments. I gather that most of the compromised passwords look like they were autogenerated (a lot of them were apparently duplicates, many with several THOUSAND iterations). At first glance, it looks like the “victims” may be primarily bots.
I’ll be interested in seeing if this merits follow-up, though.
The linked article seems to say that the hacked forums were all operated by Verticalscope. As far as I know, the SDMB is not.
Usernames, email addresses, IP information, and passwords are breached.
This looks like a good time to change your passwords. Again.
*Popular passwords included the regular shockers, along with a scattering of seemingly randomised strong codes. The second most popular password was ‘18atcskd2w’ used by 91,103 accounts, with ‘3rjs1la7qe’ coming in fourth spot used by 74,806 accounts.
Speculation by LinuxTechShow pins the abundant complex passwords on malware which compromised accounts using credentials that appear to users on first blush to be unique.*
I wonder if - 18atcskd2w - was the software suggested password or the user/robot submitted password?
Well, I dodged a bullet – my banking password is 17atcskd2w. Whew!
Gesundheit.
Right. If the thefts were from thousands of separate and separately administered sites than it probably wouldn’t be talked about as if it were a single breach. Looking at the site, it appears that VeritcalScope is in the business of managing forums, with each of those forums having their own domain. So while their various forums may appear to be separate and unrelated to each other, they’re apparently all centrally adminstered, including the handling of sign ins and the storage of user info (including passwords).
It sounds like the passwords may not have even been encrypted or used weak encryption. If so, that doesn’t speak well for VeritcalScope.