Almost 1.7 million users affected by latest breaches
A hacker who goes by the name of uid0 claims to have breached three websites belonging to Penton Technology: Hot Scripts, Mac Forums, and Web Hosting Talk.
The hacker is now selling the data through The Real Deal Dark Web marketplace, like many other hackers have done before him.
In an encrypted conversation with your reporter, the hacker claims that he was able to obtain full database dumps from all three websites. This includes user records, private messages, site content, hashed and salted passwords.
Two of these websites, Mac Forums and Web Hosting Talk, run on the vBulletin forum platform. The hacker claims that he's in possession of a vBulletin zero-day, which allowed him access to these two sites.
It is currently unclear how the hacker breached the Hot Scripts service but shared servers might explain how he was able to acquire this service's database. This scenario is only unconfirmed speculation since Penton has yet to respond to Softpedia's request for comments.
Hacker leaks data for nearly 1,7 million users
According to uid0, the Mac Forums database contains the private details of over 291,000 users, the Hot Scripts database comprises details of over one million users, and the Web Hosting Talk data dump contains details on over 400,000 users.
The hacker is asking for 1.2 Bitcoin (~$800) for the Mac Forums database, and 3 Bitcoin (~$2,000) for each of the Hot Scripts and Web Hosting Talk databases.
In recent months, several database dumps belonging to LinkedIn, Tumblr, and MySpace have surfaced years after hackers breached those services. The hacker claims to have breached and dumped the data this year, in 2016.
Your reporter was not able to verify the validity of the hacker's data because uid0 deferred the release of sample data to a later date. On the Dark Web marketplace, the seller has a 100% positive feedback, meaning previous buyers have not complained about fake data.
Softpedia has also reached out to vBulletin regarding the hacker's claim to be in possession of a zero-day vulnerability.
Affected users should reset passwords ASAP
Users of these three services are advised to reset their passwords as soon as possible to avoid having their accounts compromised.
If they used the same username-password combo on other sites, they should change those credentials as well, since crooks have started to launch brute-force attacks on accounts on other sites using previously compromised credentials. One such service that has seen this kind of attacks is GitHub. Netflix and Facebook have taken special steps to prevent similar incidents.
Additionally, many of today's CEOs have had various social media accounts hacked using this type of method. The most famous case is Mark Zuckerberg, who had his Twitter and Pinterest accounts hacked because he used the same password he employed for his LinkedIn account, which was included in the recent publicly disclosed breach, also available for sale on the Dark Web.
Mac-Forums, Hot Scripts, and Web Hosting Talk databases for sale
Three websites owned by Penton Technology, acquired in 2015 as part of the purchase of iNET Interactive – MacForums.com, HotScripts.com, and WebHostingTalk.com – have been compromised and their databases are now being sold on the Darknet.
If enterprises want to understand how they can better invest in security defenses, build the necessary
On TheRealDeal website, a vendor with a solid reputation is offering the Mac-Forums database for ~$775.00, which includes 291,214 accounts.
The Hot Scripts database, with more than a million users, is currently going for ~$1,900.00.
The Web Hosting Talk database, with 498,321 users, is also available for ~$1,900.00.
Salted Hash has reached out to Penton Technology for additional details and comment. We'll update this story should they respond. For now, if you have an account on one of these websites, you should change your password.
Earlier this morning, Salted Hash reported the news that a number of Apple IDs have been compromised; leading some to speculate that there's been a breach at Apple. However, while a breach isn't confirmed – it's just a rumor at this point – what is verifiable is the trend of Apple devices being held for ransom.
It's possible that many of the ransom victims have been recycling their Apple ID credentials on other websites that have been compromised such as LinkedIn, or more recently Mac-Forums or Hot Scripts.