45 Million Accounts Hacked At Some Of The Biggest Car Forums

Photo credit: Shawn Sanders on Flickr via CC BY 2.0
Photo credit: Shawn Sanders on Flickr via CC BY 2.0

Visitors to many popular car, sports and tech websites including VWVortex, The Truth About Cars, Pirate 4x4, Focus Fanatics, EvoXForums, and AutoGuide should change their passwords ASAP, reports ZDNet. 45 million accounts hosted on VerticalScope’s 1,100 sites have been compromised by hackers.

[Full disclosure: I’ve done some freelance work for The Truth About Cars before, so yep, I’ve got to change my password, too.]

Experts at LeakedSource, a breach notification website, believe that VerticalScope, which owns sites like VWVortex and TTAC, may have stored too much data in one or several connected servers. The volume of data cracking one server may have given hackers access to several others, as they say, “there is no other way to explain a theft on such a large scale.”


Furthermore, a database sample given to ZDNet shows passwords that were hashed and salted with MD5, an obsolete method that is now too easy to decipher. In addition to passwords, email addresses, the site visited and a user’s IP information (which can be sometimes be used to determine location) are all listed in conjunction with the usernames that were compromised.

Lack of HTTPS encryption and the use of vulnerable older versions of the vBulletin forum software were other weaknesses in VerticalScope sites noted by ZDNet. So far, they note, the data has not appeared for sale on the dark web.

The Truth About Cars, one of the sites on the network affected.
The Truth About Cars, one of the sites on the network affected.

VerticalScope Vice President of Corporate Development Jerry Orban confirmed to ZDNet that they are investigating the breach:

We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies.

We believe that any potential breach is limited to usernames, user IDs, email addresses, and encrypted passwords of our users. In addition, we are reviewing our security policies and practices and in response to increased Internet awareness of security-related incidents, including potential incidents on our communities, we are implementing security changes related to our forum password strength and password expiration policies across certain forum communities.


In addition to numerous car forums, Toronto-based VerticalScope hosts sites on many other topics, including pets and home improvement. Even if you’ve resisted the urge to tell everyone on CadillacOwners that your brougham is the best brougham, you should probably check your other frequently visited sites anyway. A full list of VerticalScope’s properties can be found here.

If you’d rather search for your particular username or other identifying data, LeakedSource now includes all of the hacked information from the VerticalScope network.


Moderator, OppositeLock. Former Staff Writer, Jalopnik. 1984 "Porschelump" 944 race car, 1971 Volkswagen 411 race car, 2010 Mitsubishi Lancer GTS.

Share This Story

Get our `newsletter`


Turbolence1988 Loves Magic Turn Circles

I mean, how hard could it have been to guess some of these usernames and passwords anyway? Just follow the formula:

Email: [Chassis Code]4life[Year from 1985-2001]@[yahoo/aol/msn].com
Pass: fuck[Competing Car Brand]