Science

VerticalScope, online forum operator, hacked; says it's beefing up security

VerticalScope, a Toronto-based company that operates hundreds of websites and online forums, was the victim of a hack earlier this year, in which millions of user records were stolen.

AutoGuide.com, PetGuide.com, Motorcycle.com and ATV.com among company's sites

The website Leaked Source said VerticalScope did not use tough-to-break encryption methods on most of its user accounts. (Mal Langsdon/Reuters)

VerticalScope, a Toronto-based company that operates hundreds of websites and online forums, was the victim of a hack earlier this year, in which millions of user records were stolen.

VerticalScope owns more than 1,100 community forum websites and content portals, including AutoGuide.com, PetGuide.com, Motorcycle.com and ATV.com.

The company said it recently became aware of what it is calling a potential breach. It said its internal security team is investigating, and is working with law enforcement agencies on the hack.

"We believe that any potential breach is limited to user names, user IDs, email addresses, IP addresses and encrypted passwords of our community users," Jerry Orban, vice-president of corporate development, said in an emailed statement to CBC News of the February data breach.

While Orban says only encrypted passwords were stolen, the website Leaked Source, which compiles information about online data hacks, reported that VerticalScope did not use strong encryption on most of its user passwords. 

It published a list of decrypted passwords used on VerticalScope forums, and said many of the hacked passwords appear to be default ones, such as "18atcskd2w," which the site lists as the second-most used password on VerticalScope accounts. The third-most common password listed is the bafflingly still popular "password."

"We are implementing changes to strengthen our password policies and practices across all of our communities as a precautionary security measure," said Orban.

These changes include requiring administrators and moderators to use a two-step password verification system. 

The company is notifying its community members that they should reset their passwords, and passwords will need to be changed more often. Also, the company is requiring passwords to be stronger — they have to be more than 10 characters, and have a mix of upper and lowercase letters, numbers and symbols. Users will be encouraged to use different passwords for their multiple online accounts.

Orban said the company would not comment further on the breach.

Torstar Corp., which publishes the Toronto Star, acquired a 56 per cent stake in VerticalScope Holdings last year for $200 million.

With files from the CBC's Laura Wright