Quoted in SecurityWeek.com: 45 Million Potentially Impacted by VerticalScope Hack

Source: http://www.securityweek.com/45-million-potentially-impacted-verticalscope-hack

Author: Ionut Arghire, Security Week

Here is my longer comment:

LeakedSource writes on their website about a massive breach of VerticalScope.com and all its affiliated websites from February 2016.

However, neither VerticalScope.com nor any of the websites mentioned in the LeakedSource page mention anything related to a hack.

Even if denial of a breach is not something unseen before, after reading the Summary of the dump on LeakedSource I am starting to see a pattern here: "Each record may contain an email address, a username, an IP address, one password and in some cases a second password". This is exactly the same as in the Myspace breach: "Each record may contain an email address, a username, one password and in some cases a second password."

How come that two completely unrelated breaches share the dump format? Could it be that they are converted somehow into a single format before they are put on sale?

The assumption regarding the VerticalScope hack is that they used some vulnerable vBulletin software. I have verified this myself and this is what I found on a couple of their websites:

[Image: vbulletin]

Doing a search on "vulnerabilities for vBulletin 3.8.7 Patch Level 3" turns up various hacking tools on the first page. I haven't tested any myself, but from their descriptions they vary from cracking the licensing protection of vbulletin.com to sending spam and dumping data.

Some other very well-known websites belonging to the VerticalScope group are WordPress instances. Those that I tested were running WordPress 4.2.4 (released on August 4, 2015). The latest version of WordPress is 4.5.2. Some plugins that are visible in these WordPress instances are also pretty outdated. We can't exclude the possibility that some of the plugins they use (Yoast SEO, NextGen Gallery, Better Related) might contain some vulnerabilities that hackers can easily exploit. WordPress runs a complete transparency policy for their software and for the plugins and themes used in WordPress.

What is disturbing for me to see is that VerticalScope writes on their blog that they will enhance the security of the passwords stored and they don’t even mention anything related to updating their potentially vulnerable software.

Seeing this mix of WordPress and vBulletin also makes me think again about the assertion of LeakedSource that VerticalScope might store all data in a single place.

While this is technically not impossible, I seriously doubt that they invested so much work in consolidating user accounts into a single database.

As a conclusion, there are many things in the LeakedSource posting that simply don’t make too much sense if you see the big picture.


© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT Security industry since 2000 and worked for Avira between 2003 and 2014 as Product Manager for the known products used by over 100 million users worldwide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He also runs his personal blog, Sorin Mustaca on Cybersecurity, and is the author of the free eBook Improve your security.
