parent site hacked.
08-17-2016, 10:40 AM
#1
Pro
Thread Starter
parent site hacked.
So I got an email stating that the parent site for Corvette forums and many other forums which I am a member of was hacked and that email addresses, user names and passwords were stolen.
I have requested that they shut down any account sI have associated with my email addresses, what steps you all take are up to yoursleves.
I'll be back with a new username ASAP.
I have requested that they shut down any account sI have associated with my email addresses, what steps you all take are up to yoursleves.
I'll be back with a new username ASAP.
08-17-2016, 10:56 AM
#2
Race Director
Member Since: Jan 2014
Location: Huskerland
Posts: 10,519
Received 2,798 Likes
on
1,958 Posts
2021 C6 of the Year Finalist - Modified
my notice did not include the CF.........
08-17-2016, 10:58 AM
#4
Team Owner
Member Since: Mar 2004
Location: Oklahoma City OK
Posts: 58,255
Received 1,673 Likes
on
1,296 Posts
C6 of Year Finalist (appearance mods) 2019
I didn't receive a notice.
08-17-2016, 11:25 AM
#6
Team Owner
Member Since: Mar 2014
Location: Below the bottom of Berby Hollow, NYS
Posts: 21,631
Received 1,136 Likes
on
882 Posts
So I got an email stating that the parent site for Corvette forums and many other forums which I am a member of was hacked and that email addresses, user names and passwords were stolen.
I have requested that they shut down any account sI have associated with my email addresses, what steps you all take are up to yoursleves.
I'll be back with a new username ASAP.
I have requested that they shut down any account sI have associated with my email addresses, what steps you all take are up to yoursleves.
I'll be back with a new username ASAP.
08-17-2016, 12:37 PM
#7
Le Mans Master
Member Since: Sep 2014
Location: lake havasu city arizona
Posts: 7,011
Received 982 Likes
on
711 Posts
I got the Email also but it was concerning Challengertalk forums (yes I lurk) it was from Vertical Scope
Here ya go
NSF
Notice of Data Breach
You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you. VerticalScope owns and operates a number of community websites. You are receiving this email because you are a registered user of the following community website(s) involved in the data breach:
www.challengertalk.com
What Happened?
On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.
What Information Was Involved?
Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.
What We Are Doing
We have invalidated passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We have implemented stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.
VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.
What You Can Do
To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.
For More Information
If you have any questions, please feel free to contact our Community Management team by email at cmsupport@verticalscope.com or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have. A Notice of Data Breach is also available on community websites involved in the data breach.
This email was sent by VerticalScope Inc., 111 Peter Street, Suite 700, Toronto, ON, M5V2H1. If you have any questions regarding the communications you receive from us, please contact us.
Here ya go
NSF
Notice of Data Breach
You may have heard reports recently about a security issue involving VerticalScope. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you. VerticalScope owns and operates a number of community websites. You are receiving this email because you are a registered user of the following community website(s) involved in the data breach:
www.challengertalk.com
What Happened?
On June 13, 2016, we became aware that February 2016 data stolen from VerticalScope was being made available online.
What Information Was Involved?
Community member usernames, email addresses, hashed passwords, community userIDS, community website, and the IP address the username originally registered with.
What We Are Doing
We have invalidated passwords of all VerticalScope user accounts. We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security. We have implemented stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes. We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords). We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API's of the February breach to allow their own security teams to investigate. We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.
VerticalScope is taking steps to strengthen account security. We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security. We are taking steps to investigate and test new encryption and security technologies to further protect our users.
What You Can Do
To keep your account as safe as possible, we recommend that you regularly change your VerticalScope community password, and that you use a unique password for each of your online accounts. Using the same password for multiple online accounts significantly increases your chances of being compromised. Even though the passwords stolen in February were hashed, we recommend that if you were using (or are currently using) your VerticalScope community password across multiple online accounts, that you change your password for such other online accounts. We encourage you to regularly review your accounts and report any suspicious or unrecognized activity immediately.
For More Information
If you have any questions, please feel free to contact our Community Management team by email at cmsupport@verticalscope.com or on the website that you frequent. A support thread has been created on each website, and our support teams are on there to help you through the process and answer any questions you may have. A Notice of Data Breach is also available on community websites involved in the data breach.
This email was sent by VerticalScope Inc., 111 Peter Street, Suite 700, Toronto, ON, M5V2H1. If you have any questions regarding the communications you receive from us, please contact us.
Last edited by Not So Fast; 08-17-2016 at 12:37 PM.
How do we contact one 
08-17-2016, 01:05 PM
#13
Team Owner
The HELP forum is where it's been for the last 17 years.
Discuss it with JT. See if he can shed any light on the subject.
Don't create new UserIDs without talking to someone here about it.
Discuss it with JT. See if he can shed any light on the subject.
Don't create new UserIDs without talking to someone here about it.
Last edited by Vette_DD; 08-17-2016 at 01:08 PM.
08-17-2016, 01:28 PM
#14
CorvetteForum is owned and operated by Internet Brands, not Vertical Scope. The two are completely different companies.
While both companies use the vBulletin software, there are some significant differences and a lot of variables. The core software, for example, is continuously updated and patched. Internet Brands' team followed the hack on Vertical Scope to find that Internet Brands' sites was approximately 9 updates ahead of Vertical Scope's sites and used better encryption of data than the MD5 that was noted in the hack on Vertical Scope. Internet Brands also imnplemented Multi-Factor Authentication, a long time ago, for advanced Administrator features to help prevent unauthorized access.
While both companies use the vBulletin software, there are some significant differences and a lot of variables. The core software, for example, is continuously updated and patched. Internet Brands' team followed the hack on Vertical Scope to find that Internet Brands' sites was approximately 9 updates ahead of Vertical Scope's sites and used better encryption of data than the MD5 that was noted in the hack on Vertical Scope. Internet Brands also imnplemented Multi-Factor Authentication, a long time ago, for advanced Administrator features to help prevent unauthorized access.
08-17-2016, 06:56 PM
#17
Le Mans Master
I haven't received any information about the Corvette Forum, but about a month ago I got a notification from the Subaru Forester forum. What's funny about it is that the notification had 2 or 3 typos in it, and sounded like it was written in Nigeria, so I just ignored it. Turns out it was real. The Caddy ATS forum looks identical to the Subaru one, so I assume they are the same owner. I had to reset everything on both of them.
The only thing odd about this forum is that I've had to sign in a couple of times recently, and I normally just stay signed in all the time since I'm on my own computer. That issue seems to have cleared up though.
The only thing odd about this forum is that I've had to sign in a couple of times recently, and I normally just stay signed in all the time since I'm on my own computer. That issue seems to have cleared up though.
08-17-2016, 08:17 PM
#18
There was no notification sent about CorvetteForum because CorvetteForum is not owned by Vertical Scope and thus CorvetteForum was not involved in the data breach.
As far as the log in issue where you had to log in 2 or 3 times in the past few weeks, that was normal and also stated in the Help forum. They were due to updates and a few changes to the software. Some updates and changes are more seamless than others.
As far as the log in issue where you had to log in 2 or 3 times in the past few weeks, that was normal and also stated in the Help forum. They were due to updates and a few changes to the software. Some updates and changes are more seamless than others.
I haven't received any information about the Corvette Forum, but about a month ago I got a notification from the Subaru Forester forum. What's funny about it is that the notification had 2 or 3 typos in it, and sounded like it was written in Nigeria, so I just ignored it. Turns out it was real. The Caddy ATS forum looks identical to the Subaru one, so I assume they are the same owner. I had to reset everything on both of them.
The only thing odd about this forum is that I've had to sign in a couple of times recently, and I normally just stay signed in all the time since I'm on my own computer. That issue seems to have cleared up though.
The only thing odd about this forum is that I've had to sign in a couple of times recently, and I normally just stay signed in all the time since I'm on my own computer. That issue seems to have cleared up though.