
1 - 13 of 13 Posts

·
FORUM GODFATHER.....R.I.P. PAT
Joined
·
38,047 Posts
Discussion Starter #1

·
Registered
Joined
·
630 Posts
I would assume so. The screen shot posted is from back end infrastructure.

This is why I use a different username and password here than on any other site. Years after we're promised https, radio silence. Verticalscope security is utter shit, expect things like this to continue happening.
 

·
Administrator
Joined
·
1,131 Posts
Hey Guys,

We worked on the article above with the writer; unfortunately, we currently do not have any more information on the breach. We are being proactive on this issue and the techs are looking into the matter.

Thank you,

~ Glenda
 

·
Registered
Joined
·
4,861 Posts
LOL, I can't get too jazzed up at VerticalScope for their site security, when Equifax managed to let slip a barge full of personal/financial information on half the population of the US, not to mention the data intrusion at the federal Office of Personnel Management a few years back.

I must have at least a hundred different passwords for everything from email (none of my email accounts use the same PW) to banks to websites. All randomly generated, and about every six months I go through the rigamarole of changing them. Which is great, until the next "whoops, sorry about that" moment from another multi-billion dollar corporation with swiss cheese security. I'm seriously thinking that hacking should be a capital offense.
 

·
Registered
Joined
·
813 Posts
From the Krebs article:

Verticalscope acknowledged in June 2016 that a hacking incident led to the siphoning of 45 million user accounts. Now, it appears the company may have been hit again, this time in a breach involving at least 2.7 million user accounts.
At least the size of the breaches are trending in the right direction.

Reached for comment about the claims, Verticalscope said the company had detected an intrusion on six of its Web sites, including Toyotanation.com. “The intrusion granted access to each individual website files,” reads a statement shared by Verticalscope. “Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.” Verticalscope said the other forums impacted included Jeepforum.com — the company’s second most-popular site; and watchuseek.com, a forum for wristwatch enthusiasts.
This statement implies that if Stromtrooper.com was hacked we'd all be resetting our passwords already... so probably safe.
 

·
Registered
Joined
·
813 Posts
I'll be changing mine right now. Good move I reckon.
Can't hurt. If you are concerned about any online accounts go to Have I Been Pwned. You enter your email address and see if it is in known hacked databases like Adobe, Linkedin, MySpace, etc.
 

·
Registered
Joined
·
14,237 Posts
So using your link, seems I've been Pwned, whatever that means. What do hackers get from my Strom site? A bunch of motorcycle stuff? My bank link?
Does it really matter?
I see a linkedin thing but I haven't done anything on that site for years.
 

·
Registered
Joined
·
813 Posts
So using your link, seems I've been Pwned, whatever that means.
It is hackerese for "Owned" meaning they got into your computer or got your credentials (username/password). In your case with LinkedIn it is the latter. The term comes from hackers commonly misspelling it due to the P being next to the O on the keyboard and it became jargon.

What do hackers get from my Strom site? A bunch of motorcycle stuff? my bank link? Does it really matter? I see a linkedin thing but I haven't done anything on that site for years.
They are after money or email accounts for sending spam or infected links. Your email address is commonly used as the username for many other sites including your bank. Many people (myself included) used a simple, easy-to-remember password (+ a permutation such as a number) on sites without anything important such as this forum. After the first VerticalScope hack I had to change my password on a number of sites to unique passwords for all sites. Now if any site gets hacked they can't get into anything else I log into.

The way it works is they got your email and password from LinkedIn as "[email protected]" and the password of "notacop"; they would then try those credentials at all the major email providers (with suitable permutations like "[email protected]" and [email protected], etc.) and at banks to see if they got a hit. I had a client who got pwned in the logmein breach and we reset his account passwords to unique passwords across all domains. About every month or two he gets an alert from logmein that someone from Uzbekistan (or some other -stan country) is trying to access his computer with the old credentials. There is nothing we can do once the info is out there.
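
An added example, not part of the original post: a password-change check a site could run so that a new password cannot be a simple variant (case, character swaps, added digits) of one already exposed, which is the reuse-with-permutations habit described above. The function names and the substitution table are assumptions made for this example; only the sample password "notacop" comes from the post.

```python
import re

# Assumed table of common character swaps, mapped back to plain letters.
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and punctuation stuck on the front or back of a base word.
_AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def core(password: str) -> str:
    """Reduce a password to its base word so simple variants compare equal."""
    stripped = _AFFIX.sub("", password)
    # An all-digit or all-symbol password has no base word; compare it whole.
    return stripped.lower().translate(_SWAPS) or password.lower()


def find_reuse(candidate: str, exposed: list[str]) -> list[str]:
    """Return the exposed passwords that `candidate` is a simple variant of."""
    base = core(candidate)
    return [old for old in exposed if core(old) == base]


def accept_new_password(candidate: str, exposed: list[str]) -> bool:
    """Policy decision: refuse anything that collapses to an exposed base word."""
    return not find_reuse(candidate, exposed)


if __name__ == "__main__":
    # Constructed input: "notacop" is the sample password from the post,
    # the candidates are made up for this example.
    exposed = ["notacop"]
    for candidate in ["notacop1", "Notacop2017!", "N0t@c0p", "kX9#vQ2m-Lp7w"]:
        verdict = "accept" if accept_new_password(candidate, exposed) else "reject"
        print(f"{candidate!r}: {verdict}")
```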
 

·
Registered
Joined
·
28 Posts
The increasing prevalence of hacks is why I am reluctant to put any personal info out on the web. If hackers can garner e-mail addresses/passwords and dig up enough personal and family info they have a higher probability of guessing the password reset security questions for logins. Anymore being on the web requires a constant diligence to protect your identity and assets. To be honest, it is a low level pain in the azz.

Every website (including this one) that requires a login should have a two-step authentication process - password and a code sent by text or phone call.
 

·
Super Moderator
Joined
·
4,521 Posts
The increasing prevalence of hacks is why I am reluctant to put any personal info out on the web. If hackers can garner e-mail addresses/passwords and dig up enough personal and family info they have a higher probability of guessing the password reset security questions for logins. Anymore being on the web requires a constant diligence to protect your identity and assets. To be honest, it is a low level pain in the azz.

Every website (including this one) that requires a login should have a two-step authentication process - password and a code sent by text or phone call.
Please no - that is an even bigger pain in the azz.

Get yourself a password manager. I use LastPass which gave me some issues today when changing my ST password.
Even my Kaspersky anti virus has one included for no extra fee. It is invaluable and convenient, but I do not trust any of them with my banking password.
 

·
Registered
Joined
·
14,237 Posts
I have different passwords and a log in my desk to remind me when I forget.
I don't have a file on the computer to store any info. I visit sites and close the page when done and open a new window.
I never follow an email link back. I access a portal I know to be the company's to avoid the phishing.
Someone sent me a bank alert about my card being temporarily stopped. I called the customer service number on the card and the banks showed to alerts.
Someone just phishing, I guess.
I wonder about all these sites that propose to protect you, like LastPass. I know too little to implicitly trust them.
 