New Verticalscope hack - Stromtrooper Forum : Suzuki V-Strom Motorcycle Forums
post #1 of 13 Old 11-06-2017, 10:54 AM Thread Starter
FORUM GODFATHER.....R.I.P. PAT
 
Join Date: Jan 2006
Location: Evanston IL USA
Posts: 38,049
Garage
New Verticalscope hack

https://krebsonsecurity.com/2017/11/...ts/#more-41365

Was Stromtrooper or VSRI hacked? Do we need to change passwords?

Pat- 2007 DL650A was ridden to all 48 contiguous states. I didn't quite make it to 17,000 miles on the 2012 DL650A.
Nicknames I use to lessen typing, Vee = 2002-2012 DL1000s. Vee2=2014-2016 DL1000s. Wee = 2004-2011 DL650s. Glee = 2012-2016 DL650s
See https://www.stromtrooper.com/general-...nicknames.html

Please vote in the poll on what Strom(s) you have at https://www.stromtrooper.com/informat...-you-have.html
post #2 of 13 Old 11-06-2017, 11:25 AM
Fox
Stromthusiast!
 
Join Date: Aug 2012
Location: Philadelphia
Posts: 550
Garage
I would assume so. The screen shot posted is from back end infrastructure.

This is why I use a different username and password here than on any other site. Years after we're promised https, radio silence. Verticalscope security is utter shit, expect things like this to continue happening.
post #3 of 13 Old 11-06-2017, 11:28 AM
$tromtrooper
 
Join Date: May 2005
Location: Central OHIO "Go Buckeyes"
Posts: 16,323
Garage
Are their many many other owned forums getting hacked regularly too?
eagleeye likes this.

BRIAN "GO Buckeyes, GO Wildcats"!

2015 DL650 XT "Hector"

1997 Honda Valkyrie 1500 custom “Dolores”




post #4 of 13 Old 11-06-2017, 02:56 PM
Administrator
 
Join Date: Jun 2010
Posts: 1,017
Hey Guys,

We worked on the article above with the writer; unfortunately, we currently do not have any more information on the breach. We are being proactive on this issue and the techs are looking into the matter.

Thank you,

~ Glenda
post #5 of 13 Old 11-06-2017, 03:26 PM
Stromthusiast!
 
Join Date: Dec 2012
Location: North Carolina
Posts: 4,625
LOL, I can't get too jazzed up at VerticalScope for their site security, when Equifax managed to let slip a barge full of personal/financial information on half the population of the US, not to mention the data intrusion at the federal Office of Personnel Management a few years back.

I must have at least a hundred different passwords for everything from email (none of my email accounts use the same PW) to banks to websites. All randomly generated, and about every six months I go through the rigamarole of changing them. Which is great, until the next "whoops, sorry about that" moment from another multi-billion dollar corporation with Swiss cheese security. I'm seriously thinking that hacking should be a capital offense.

"No matter where you go, there you are."
post #6 of 13 Old 11-06-2017, 06:04 PM
Stromthusiast!
 
Join Date: Nov 2012
Location: California
Posts: 760
From the Krebs article:

Quote:
Verticalscope acknowledged in June 2016 that a hacking incident led to the siphoning of 45 million user accounts. Now, it appears the company may have been hit again, this time in a breach involving at least 2.7 million user accounts.
At least the size of the breaches is trending in the right direction.

Quote:
Reached for comment about the claims, Verticalscope said the company had detected an intrusion on six of its Web sites, including Toyotanation.com. “The intrusion granted access to each individual website files,” reads a statement shared by Verticalscope. “Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.” Verticalscope said the other forums impacted included Jeepforum.com — the company’s second most-popular site; and watchuseek.com, a forum for wristwatch enthusiasts.
This statement implies that if Stromtrooper.com was hacked we'd all be resetting our passwords already... so probably safe.

Pink Floyd: And did you exchange a walk-on part in the war for a lead role in a cage?
---------------------------------------------------------------------------------------------
Current: 2014 V-Strom DL650 ABS Red
Next Up: ?
Past: Suzuki: DL650AK7, GS400; Honda: CB125, Express 49cc
post #7 of 13 Old 11-06-2017, 08:13 PM
Super Moderator
 
Join Date: Jul 2013
Location: Gatton, Queensland, Australia
Posts: 4,314
Garage
I'll be changing mine right now. Good move I reckon.

2010 Weestrom; 2017 Kawasaki Versys-X300; 1988 Suzuki GSXR1100
post #8 of 13 Old 11-06-2017, 08:27 PM
Stromthusiast!
 
Join Date: Nov 2012
Location: California
Posts: 760
Quote:
Originally Posted by Brockie
I'll be changing mine right now. Good move I reckon.
Can't hurt. If you are concerned about any online accounts go to Have I Been Pwned. You enter your email address and see if it is in known hacked databases like Adobe, LinkedIn, MySpace, etc.

post #9 of 13 Old 11-06-2017, 09:59 PM
Stromthusiast!
 
Join Date: Mar 2011
Location: Pasadna area
Posts: 13,207
So using your link, seems I've been Pwned, whatever that means. What do hackers get from my Strom site? A bunch of motorcycle stuff? My bank link?
Does it really matter?
I see a LinkedIn thing but I haven't done anything on that site for years.
post #10 of 13 Old 11-06-2017, 10:56 PM
Stromthusiast!
 
Join Date: Nov 2012
Location: California
Posts: 760
Quote:
Originally Posted by notacop
So using your link, seems I've been Pwned, whatever that means.
It is hackerese for "Owned" meaning they got into your computer or got your credentials (username/password). In your case with LinkedIn it is the latter. The term comes from hackers commonly misspelling it due to the P being next to the O on the keyboard and it became jargon.

Quote:
What do hackers get from my Strom site? A bunch of motorcycle stuff? My bank link? Does it really matter? I see a LinkedIn thing but I haven't done anything on that site for years.
They are after money or email accounts for sending spam or infected links. Your email address is commonly used as the username for many other sites including your bank. Many people (myself included) used a simple, easy-to-remember password (+ a permutation such as a number) on sites without anything important such as this forum. After the first VerticalScope hack I had to change my password on a number of sites to unique passwords for all sites. Now if any site gets hacked they can't get into anything else I log into.

The way it works is they got your email and password from LinkedIn as "[email protected]" and the password of "notacop"; they would then try those credentials at all the major email providers (with suitable permutations like "[email protected]" and [email protected], etc.) and at banks to see if they got a hit. I had a client who got pwned in the LogMeIn breach and we reset his account passwords to unique passwords across all domains. About every month or two he gets an alert from LogMeIn that someone from Uzbekistan (or some other -stan country) is trying to access his computer with the old credentials. There is nothing we can do once the info is out there.
