Hackers Allegedly Steal 1.4M Passwords From Mac Forums, Web Hosting Talk

An alleged hack at media company Penton results in another spill of millions of passwords.

Jul 8 2016, 10:45pm


A hacker or hackers have allegedly stolen more than 1.4 million passwords, email addresses, and other data from the databases of popular forums including Web Hosting Talk, Mac Forums, and HotScripts.

Someone who goes by the name "uid0" is offering to sell the three databases on the dark web underground market The Real Deal for a combined 7.2 bitcoin (approximately $4,752 at the current conversion rate), as first reported by CSO.

On Friday, an operator of the data breach awareness site LeakedSource said that hackers breached the media company Penton on July 4, 2016 and stole the databases of Web Hosting Talk, Mac Forums, HotScripts.com, dBforums, and A Best Web.

The operator, who told Motherboard that LeakedSource has obtained the hacked databases of every site except HotScripts.com, said the total number of users compromised across the other four sites is 1,442,602. In his listing, the vendor uid0 wrote that HotScripts contains a million records, so the total number of victims could be considerably higher than 1.4 million.

The operator said that the passwords are not stored in plaintext but are hashed: a one-way function turns each password into a fixed-length string of characters from which the original password cannot be read back directly. They are also "salted," which means a series of random bytes was appended to each password before it was hashed, a standard practice that makes identical passwords hash to different values and defeats precomputed lookup tables. The bad news is that they were hashed with MD5, which is a poor choice for passwords not because of its well-known collision weaknesses but because it is extremely fast: an attacker can test billions of guesses per second against salted MD5 on commodity GPUs. The salt is in the database "next to [the] hashes," according to the operator. That is how salts are normally stored and is not a flaw by itself, but it means whoever holds the database has everything needed to run guesses against every hash.

So the passwords should be relatively easy to crack with a wordlist attack. In fact, the operator said on Friday evening that they had already cracked around 60 percent of them in only two hours.
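To show why a salted MD5 table falls so quickly, and what the alternative looks like, here is an added Python example; it is not code from the article, from LeakedSource, or from Penton. It assumes the scheme md5(password + salt) with the salt stored beside the hash, as the article describes; the forums' actual hashing scheme is not stated in the article. The user rows, salts, and wordlist are constructed sample data, and the PBKDF2 iteration count follows OWASP's current password storage guidance.

```python
import hashlib
import hmac
import os
import time

# OWASP's password storage cheat sheet currently recommends 600,000
# iterations for PBKDF2-HMAC-SHA256.
ITERATIONS = 600_000

# Constructed wordlist standing in for the dictionaries a cracker would use.
WORDLIST = ["123456", "password", "password1", "letmein",
            "qwerty123", "hunter2", "dragon", "iloveyou"]


def md5_salted(password: str, salt: str) -> str:
    """The weak scheme assumed here: md5(password + salt), hex-encoded."""
    return hashlib.md5((password + salt).encode()).hexdigest()


def build_sample_table():
    """Constructed forum user table of (username, salt, hash) rows.

    Salts are fixed so the run is reproducible; a real system would draw
    them from os.urandom. Three of the five passwords appear in WORDLIST.
    """
    creds = [
        ("alice", "password1", "4f3a"),
        ("bob", "letmein", "91cc"),
        ("carol", "qwerty123", "0be7"),
        ("dave", "correct horse battery staple", "ee21"),
        ("erin", "Tr0ub4dor&3", "7a5d"),
    ]
    return [(user, salt, md5_salted(pw, salt)) for user, pw, salt in creds]


def crack_md5_table(rows, wordlist):
    """Dictionary attack: the salt sits beside each hash, so every guess
    costs one MD5 call per row. Returns {username: recovered_password}."""
    recovered = {}
    for user, salt, digest in rows:
        for guess in wordlist:
            if md5_salted(guess, salt) == digest:
                recovered[user] = guess
                break
    return recovered


def store_pbkdf2(password: str, iterations: int = ITERATIONS, salt=None) -> str:
    """Hardened storage: PBKDF2-HMAC-SHA256 with a random 16-byte salt.
    The salt still sits next to the hash; the cost per guess is what changed."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def guesses_per_second(fn, seconds: float = 0.5) -> float:
    """Rough throughput of one guess-check function over a short window."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        fn()
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    rows = build_sample_table()
    hits = crack_md5_table(rows, WORDLIST)
    print(f"cracked {len(hits)}/{len(rows)} salted-MD5 hashes: {hits}")

    md5_rate = guesses_per_second(lambda: md5_salted("guess", "4f3a"))
    stored = store_pbkdf2("letmein")
    pbkdf2_rate = guesses_per_second(lambda: verify_pbkdf2("guess", stored), seconds=2.0)
    print(f"md5(pw+salt): ~{md5_rate:,.0f} guesses/s in pure Python")
    print(f"PBKDF2-SHA256 x{ITERATIONS}: ~{pbkdf2_rate:.2f} guesses/s")
```

Running it recovers three of the five sample passwords, the same 60 percent the operator quoted, and prints a rough guesses-per-second figure for each scheme. Even this single-threaded Python loop manages hundreds of thousands of salted-MD5 guesses per second, and a GPU cracker such as hashcat runs the same scheme at billions; PBKDF2 at 600,000 iterations brings the attacker down to a handful of guesses per second per core, which is the whole point of a purpose-built password hash. bcrypt, scrypt, or Argon2 are the usual choices for new systems; PBKDF2 is shown here only because it ships in Python's standard library.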

LeakedSource announced the breach on its site on Friday evening, and shared a sample with Motherboard, but we were unable to verify its legitimacy. Penton did not respond to a request for comment.

The lesson: If you had an account on any of these forums, you should go in and change your password. And if you reused that password anywhere else, change it there too. And please, once again, don't reuse passwords across sites, and consider using a password manager. For Penton and its forums, the lesson is: don't protect your users' passwords with a fast general-purpose hash like MD5; use a purpose-built, deliberately slow password hash such as bcrypt, scrypt, or Argon2, so that a stolen database is not a solved one.

Another day, another hack.