In June 2016 we reported that the well-known Toronto, Canada-based Internet media firm VerticalScope had become the victim of a huge data breach, but that the firm chose to keep this information secret from users instead of asking them to change their passwords.
The breach was identified by the now-closed LeakedSource platform, which is how the entire hacking and data breach fiasco came to light. In June 2016 the firm admitted to the data breach, in which 45 million user accounts were compromised.
VerticalScope is a company that manages hundreds of web discussion forums and online community websites serving a wide range of interests, including sports, outdoor activities, automobiles, and technology.
According to the findings of security expert Brian Krebs, VerticalScope has been targeted by hackers once again, and approximately 2.7 million user accounts and six websites have been affected.
The affected websites include Watchuseek.com, Jeepforum.com, and Toyotanation.com. It is worth noting that Jeepforum.com is the second most widely visited and famous website of VerticalScope.
Security researcher Alex Holden, the founder of Hold Security, notified Krebs last week that hackers were selling access to Verticalscope.com and a number of other sites operated by the company. Holden initially believed that the hackers were trying to resell data stolen in the earlier breach in 2016.
When he contacted one of the hackers who was selling the stolen data, he learned that Verticalscope.com and some of the websites it operates had been compromised again using a web shell backdoor. The seller also sent him screenshots of the stolen data.
Krebs noted in his blog post that when a web shell is installed on a website, anyone can monitor the site remotely and perform a variety of functions, such as deleting content or capturing the whole database, including confidential information like usernames, passwords, email IDs and IP addresses.
He was able to identify two backdoors on Toyotanation.com, and after performing a simple search on the compromised domains, Krebs found a series of Pastebin posts which, although deleted, indicated that the hackers had tried to advertise on LuiDB.
LuiDB is a suspicious new online service that lets registered users search for account details linked with any of the data stolen in a breach, including logins, passwords, email addresses, first/last names and IP addresses. It offers the first search attempt for free, but to view the results the user has to subscribe for a fee that ranges between $5 and $400 in Bitcoin.
In its official statement to Krebs, VerticalScope noted that the intruders obtained access to the files of all the individual websites, but it did not provide details about who conducted the attack or when the data breach occurred.
“Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access,” noted VerticalScope.
Via: Krebs on Security