Canada-based Web forum manager Verticalscope suffered a massive data breach for the second time in two years. The recent attack affected email addresses, usernames, and passwords of 2.7 million users. The compromise was first noticed by Hold security, a computer security firm that helps companies to enhance their security posture and stay secure.
In a statement, Verticalscope told KrebsOnSecurity, “the intrusion granted access to each individual website files. Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.”
However, it did not disclose who conducted the attack and when did the data breach occur. Toyotanation.com, Jeepforum.com, and watchuseek.com are among six websites that have been impacted. Notably, Jeepforum.com is the second most popular website of Verticalscope.
Hold Security suspects that perpetrators gained access through a Web Shell backdoor, which can provide an unauthorized user remote access and control to a site.
Alex Holden, the security researcher and owner of Hold Security, alerted Krebs on November 2, 2017, that hackers were selling access to Verticalscope.com and other sites owned by it. He also claimed to have received screenshots of the stolen data from sellers.
During the investigation, Krebs wrote in his blog that after performing a simple search on compromised domains, he realized that there was a series of Pastebin posts, which were although deleted but highlighted that the hackers have tried to advertise on LuiDB (a suspicious new online service).
In June 2016, Verticalscope was hacked and the breach impacted 45 million user credentials from 1,100 websites and forums. The Internet media firm then had told users to change their passwords rather than notifying them about the breach.