The VerticalScope Breach: How it affects M6G.com?

Dirtyblueshirt · Jun 15, 2016

Hopefully [MENTION=1]Jarstang[/MENTION] can help look into this.

Today, it was reported that VerticalScope suffered a breach of 45 million usernames and MD5-hashed passwords. VerticalScope owns several hundred car, hobby, and varied web forums and websites.

NOTE: VerticalScope does NOT Own Mustang6G.com and user credentials are not directly impacted by this breach. There is NO indication that there is any problem with the integrity of the M6G Forums.

It's stated that attackers gained access via known vulnerabilities in outdated versions of vBulletin software. M6G uses vBulletin 3.8.8, and the most current version of vBulletin software is 5.2.0.

As I'm sure many other members here also have similar logins at many car forums, some that may be owned by VerticalScope; I've changed my password here as well as other sites. You all should too.

As a career Network Security Analyst, I would like to know the following questions as it relates to the security of M6G:

1. What is the plan to update to a more modern and better-supported version of vBulletin to eliminate potential vulnerabilities?

2. What steps will M6G be taking in the wake of these breaches to ensure they do not fall victim to a similar attack?

Thanks for your attention!

Coaster · Jun 15, 2016

Step 1: Don't use the same password on multiple sites if you care at all about the security of those sites.

Dirtyblueshirt · Jun 15, 2016

Coaster said:
Step 1: Don't use the same password on multiple sites if you care at all about the security of those sites.

I generally don't. But with so many logins, I do base my credentials on data breach risk (i.e my forum passwords aren't the same as my email passwords, or my bank passwords, etc...)

cbass · Jun 15, 2016

You guys know about the forum software password security features? If the forum detects that you are posting your password it filters it for you.

********** <- that's what happens when I type my password.

Jarstang · Jun 15, 2016

The reason for the scale of the breach of the VerticalScope sites was the sheer amount of data and number of sites hosted on the same or connected servers. As you correctly stated, Mustang6G is not affiliated with them in any way.

However, we will be increasing our security monitoring that we perform on a regular basis and explore changes related to password strength and expiration.

There are thousands of sites that run VB 3.8.x without any security breaches and VB4 and VB5 sites were not immune to the breach. The reason Mustang6G does not run those versions is because frankly, vBulletin went downhill starting with VB4 and the loss of its core developers. You will find that much of the developer community share that opinion.

The breach of the VerticalScope sites was limited to usernames, email addresses and encrypted passwords. As a general matter, all members should use common sense with respect to your forum accounts.

- Change your password on a regular basis and choose a unique alphanumeric password that is not easy to guess and not shared with any of your other accounts.

- Minimize use of your forum account on public computers. Clear passwords, cache and cookies if you do so.

- It goes without saying you should avoid entering any sensitive or private info in your user profiles and signatures. There should be no reason to enter info such as home/work addresses, social security info, sensitive work email addresses, credit card/payment info etc.

Dirtyblueshirt · Jun 15, 2016

Jarstang said:
The reason for the scale of the breach of the VerticalScope sites was the sheer amount of data and number of sites hosted on the same or connected servers. As you correctly stated, Mustang6G is not affiliated with them in any way.

However, we will be increasing our security monitoring that we perform on a regular basis and explore changes related to password strength and expiration.

There are thousands of sites that run VB 3.8.x without any security breaches and VB4 and VB5 sites were not immune to the breach. The reason Mustang6G does not run those versions is because frankly, vBulletin went downhill starting with VB4 and the loss of its core developers. You will find that much of the developer community share that opinion.

The breach of the VerticalScope sites was limited to usernames, email addresses and encrypted passwords. As a general matter, all members should use common sense with respect to your forum accounts.

- Change your password on a regular basis and choose a unique alphanumeric password that is not easy to guess and not shared with any of your other accounts.

- Minimize use of your forum account on public computers. Clear passwords, cache and cookies if you do so.

- It goes without saying you should avoid entering any sensitive or private info in your user profiles and signatures. There should be no reason to enter info such as home/work addresses, social security info, sensitive work email addresses, credit card/payment info etc.

Thank you for your honest response. Beleive me, it's a far more refreshing dose of transparency than a majority of online communities.

Cobra Jet · Aug 14, 2016

I HOPE this site NEVER becomes part of Vertical Scope... Every site they have bought out has turned to crap and the original users have abandoned them...

The VerticalScope Breach: How it affects M6G.com?

Dirtyblueshirt

Award Winning Taste™

Coaster

RallyNorthAmerica.com

Dirtyblueshirt

Award Winning Taste™

cbass

Well-Known Member

Jarstang

Administrator

Dirtyblueshirt

Award Winning Taste™

Cobra Jet

Well-Known Member

Similar threads