Hackers Infiltrate 45 Million Passwords From Over 1,000 Enthusiast Sites
The folks at LeakedSource, a breach notification website, say VerticalScope and all of its domains were hacked in February of this year. It's not known how the attack was carried out, though LeakedSource surmises that VerticalScope stored too much data on interconnected servers—hacking into one server could have allowed the culprit(s) access to other servers.
"Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale," LeakedSource notes in a blog post.
The good news is that the stolen passwords were stored using various encryption methods, but the bad news is that fewer than 10 percent of the domains used encryption schemes that are difficult to break—the vast majority used just salted MD5, which is easily defeated by anyone determined and with the proper know-how.
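For site operators still holding salted MD5 records, the usual fix is to re-hash each password with a slow key-derivation function the next time its owner logs in. The sketch below is an added example, not code from VerticalScope or LeakedSource; the `md5(salt + password)` layout, the `$`-separated record format, the function names and the iteration count are all assumptions, since the article does not describe how the forums stored their hashes.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_md5_record(password: str, salt: bytes) -> str:
    """Constructed legacy layout: md5(salt || password), one fast hash call."""
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"md5${salt.hex()}${digest}"


def pbkdf2_record(password: str) -> str:
    """New-style record: fresh random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, record: str):
    """Check a login attempt against a stored record.

    Returns (ok, new_record). new_record is a replacement to store when the
    login succeeded against a legacy or under-strength record, else None.
    """
    scheme, *fields = record.split("$")
    if scheme == "md5":
        salt_hex, digest = fields
        candidate = legacy_md5_record(password, bytes.fromhex(salt_hex))
        ok = hmac.compare_digest(candidate.split("$")[2], digest)
        # The plaintext is only available at login, so upgrade right here.
        return ok, (pbkdf2_record(password) if ok else None)
    if scheme == "pbkdf2_sha256":
        iterations, salt_hex, digest = fields
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        ok = hmac.compare_digest(dk.hex(), digest)
        stale = ok and int(iterations) < PBKDF2_ITERATIONS
        return ok, (pbkdf2_record(password) if stale else None)
    return False, None  # Unknown scheme: fail closed.
```

Accounts that never log in again keep their MD5 record under this scheme, so a migration plan also needs a cutoff after which those records are invalidated and the user is forced through a password reset.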
It's presumed that not all of the accounts were important ones. In a list of the most popular passwords discovered in the data breach, there are weak ones such as "111111," "password," and "qwerty," to name a few of the ones that are easier to guess. Interestingly, the second most common password on the list is "18atcskd2w," which was found to have been used more than 91,000 times.
LeakedSource lets you search your username, email address, or other identifying data to see if your accounts have been potentially compromised, along with where and when. Go here if you want to look it up.