Data breach on other forums - Check your memberships

[Ewazix]

This does not involve Z4-Forum.com accounts but is a heads-up in case you have other forum memberships.

VerticalScope operate 550 Website forums of all kinds including over 30 automotive, they have 17.5 million user accounts including paid memberships. On the 13th June 2016 a data breach released details of users membership details, ID, passwords, IP addresses etc on to the web. They are taking steps to change passwords but if you use passwords elsewhere, or the same user name, or the same email addresses elsewhere this makes you vulnerable. No mention has been made about the financial data... yet.

It's worth checking the forum list that includes Merc, Subaru, Jeep, Civic, Off Road and other auto forums, as well as the other 500 odd lifestyle forums. The main risk may be zombie memberships you have forgotten about or used old email addresses for as you won't get the password change email (which doesn't even mention the data breach!).

Auto forum list http://www.verticalscope.com/automotive/ (see 'our Verticals' at the top of the linked page for all the other lifestyle forums)

Vertical scope breach info http://www.verticalscope.com/about-us/notice-of-data-breach.html

 

[Angie4m]

Nice heads up. I certainly wasn't aware until Friday morning when my password on the GTROC was reset and left me scratching my head as to why.

Luckily no financial information held on there.

 

[cj10jeeper]

Same on a Jaguar site I'm registered with. Password reset with no explanation.

Was only hashed passwords, plus IP address email, etc., but still worrying that data can so easily be stolen and it took months for what is a huge organisation to find out and only then when it was being sold on the Internet...

 

[BMWZ4MC]

Thanks - that explains why I've received a password reset email for one of the Mercedes forums, again with no explanation as to why until you visit the site.

 

[d3matt]

That's exactly why I use a password manager. Its a bit of work initially, but its so worth going down that route. I now have a unique secure & long password for every site and best of all I don't need to know or remember any of them. So if one site gets hacked, the info is useless as its unique to that site. If you've not used a password manager before, they're well worth the time and money - in my case only about £8 per year for LastPass. Its brill.
PS. There's a free version of LastPass too.

 

[stuartC]

Explains why I got a password reset from bimmerforums then

Buggered if I can remember what my password was before, so meh.

I have different passwords for every account on every site, easy if you use a password manager. My personal preference is KeePass (free) which can be kept in synch with mobile devices by using dropbox or similar.

 

[cj10jeeper]

Another vote for Keepass
No idea how I'd control life without it...

 

[enzed4]

I've had to change a few accounts that shared similar details - nothing financial, just wouldn't want someone hacking any of them for any reason.
I've always been worried that if Keepass or similar was hacked wouldn't you lose everything? Where is the data stored, in the cloud or on your local machine?

 

[ZedFourM]

I've always been worried that if Keepass or similar was hacked wouldn't you lose everything? Where is the data stored, in the cloud or on your local machine?

I'm another user of Keypass.

I have a number of local copies of my encrypted password database (PC, laptop, phone), which I synchronise manually. I'd never store a copy in the cloud, just in case Keypass was ever hacked.

 

[enzed4]

I've always been worried that if Keepass or similar was hacked wouldn't you lose everything? Where is the data stored, in the cloud or on your local machine?

I'm another user of Keypass.

I have a number of local copies of my encrypted password database (PC, laptop, phone), which I synchronise manually. I'd never store a copy in the cloud, just in case Keypass was ever hacked.

Ok, thanks. I might look into keypass