VerticalScope, online forum operator, hacked; says it's beefing up security

VerticalScope, a Toronto-based company that operates hundreds of websites and online forums, was the victim of a hackearlier this year, in which millions of user records were stolen.

• LinkedIn says 117 million accounts were hacked in 2012
• Mark Zuckerberg hack a cautionary tale about password security

VerticalScopeowns more than 1,100 community forumwebsitesand content portals, includingAutoGuide.com, PetGuide.com, Motorcycle.com and ATV.com.

The company said it recently became aware of what it is calling a potential breach. Itsaidits internal security team is investigating, and is working withlaw enforcement agencies on the hack.

"We believe that any potential breach is limited to user names, user IDs, email addresses, IP addresses and encrypted passwords of our community users," Jerry Orban, vice-president of corporate development, said in an emailed statement to CBC Newsof the February data breach.

While Orban says only encrypted passwords were stolen, thewebsiteLeaked Source, which compiles information about online data hacks,reported thatVerticalScopedid notuse strong encryption on most ofits user passwords.

It published a list of decrypted passwords used on VerticalScope forums, andsaid many of the hacked passwords appear to be default ones,such as "18atcskd2w,"which the site lists as the second-most used password onVerticalScopeaccounts. Thethird-most common password listed isthebafflinglystill popular"password."

"We are implementingchanges to strengthen our password policies and practices across all of our communities as a precautionary security measure," saidOrban.

These changes include requiring administrators and moderatorsto use a two-steppassword verification system.

• Worst passwords of 2015 unveiled by SplashData

The company is notifying its community members that they should reset their passwords, and passwords will need to be changed more often. Also, the company is requiring passwords to be stronger they have to be more than 10 characters, and havea mix of upper and lowercase letters, numbers and symbols. Users will be encouraged to use different passwords for their multiple online accounts.

Orbansaid the company would not comment further on the breach.

Torstar Corp., which publishes the Toronto Star, acquired a 56 per cent stake in VerticalScope Holdings last year for $200 million.