VerticalScope, which hosts 1,100 websites and forums, was hacked earlier this year, with the details of around 45 million users later leaked online.
Some of the most popular online communities hosted by VerticalScope include Techsupportforum.com, MobileCampsites.com, Pbnation.com, and Motorcycle.com, all of which were impacted by the data leak. Apparently, the data was stolen during a breach in February this year, according to paid search engine LeakedSource, which broke the news of the incident.
Amit Ashbel, Cyber Security Evangelist at Checkmarx, told SecurityWeek that, regardless of how hackers managed to perform their attack, VerticalScope is to be held responsible if user passwords are cracked, mainly because they should have stored them as securely as possible.
“No matter how the attack was executed and how many layers of protection were implemented, VerticalScope, like others before them, are accountable for the simple fact that they did not comply with the most basic standard of using sophisticated encryption techniques to avoid decryption of passwords which were stolen. The passwords were hashed using MD5, which anyone (yes, anyone) could revert to plain text within minutes,” Ashbel says.
“Following the basic OWASP top 10 guidelines would have prevented a lot of headaches for both users and VerticalScope by making sure that the stolen data has much less value. Maybe it’s time that websites are forced to indicate what security standards they follow to protect their users’ data.”