By Darren Pauli, 16th June 2016 04:57

Password reset: 45 million creds leak from popular .com forums

Complex codes top most used password lists

Some 45 million logins for 939 popular sites including,, and have been stolen.

The method of attack and the actor responsible are unknown, although many of the sites ran vastly outdated and hackable versions of vBulletin.

Usernames, email addresses, IP information, and passwords are breached.

Breach data aggregator LeakedSource, which obtained the records, says the VerticalScope site and its domains were hacked in February. It is allowing users to search if they are affected, but victims have to pay money to learn which of the hundreds of sites contain their breached records.

Users should ensure all critical accounts have strong and unique passwords.

"Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale," LeakedSource says.

"Most of the records (over 40 million) were just MD5 with salting and this is insufficient."

Popular passwords included the regular shockers, along with a scattering of seemingly randomised strong codes. The second most popular password was '18atcskd2w' used by 91,103 accounts, with '3rjs1la7qe' coming in fourth spot used by 74,806 accounts.

Speculation by LinuxTechShow pins the abundant complex passwords on malware which compromised accounts using credentials that appear to users on first blush to be unique.

Some 40 million of those breached accounts contain passwords hashed using gossamer MD5, which can be broken easily.

VerticalScope corporate development vice-president Jerry Orban told ZDNet it was reviewing security policies including password strength and renewal requirements. ®
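For operators still holding salted MD5 hashes of the kind LeakedSource describes, the following is an added example (not code from the article, LeakedSource or VerticalScope) of moving a user table to a slow, memory-hard hash: dormant accounts are wrapped offline and every account is fully re-hashed at its next successful login. The record field names, the `salt + password` MD5 layout and the scrypt cost parameters are assumptions.

```python
import hashlib
import hmac
import os

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost; tune per server

def legacy_md5(password: str, salt: bytes) -> str:
    # Assumed legacy layout: hex MD5 over salt + password.
    return hashlib.md5(salt + password.encode()).hexdigest()

def slow_hash(secret: str, salt: bytes) -> str:
    return hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT).hex()

def wrap_legacy(record: dict) -> dict:
    """Offline step: replace a stored MD5 digest with scrypt(digest)."""
    salt = os.urandom(16)
    return {"scheme": "scrypt(md5)", "md5_salt": record["salt"],
            "salt": salt, "hash": slow_hash(record["hash"], salt)}

def new_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "scrypt", "salt": salt, "hash": slow_hash(password, salt)}

def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record); a successful legacy login yields a pure scrypt record."""
    scheme = record["scheme"]
    if scheme == "md5-salted":
        got = legacy_md5(password, record["salt"])
    elif scheme == "scrypt(md5)":
        inner = legacy_md5(password, record["md5_salt"])
        got = slow_hash(inner, record["salt"])
    elif scheme == "scrypt":
        got = slow_hash(password, record["salt"])
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    if not hmac.compare_digest(got, record["hash"]):  # constant-time compare
        return False, record
    # The plaintext is only available at login, so re-hash it now.
    return True, (record if scheme == "scrypt" else new_record(password))

# Constructed sample record, not data from the breach.
SAMPLE_SALT = b"constructed-salt"
SAMPLE = {"scheme": "md5-salted", "salt": SAMPLE_SALT,
          "hash": legacy_md5("correct horse", SAMPLE_SALT)}
```

Wrapping means the bare MD5 digest no longer sits in the table for users who never return, while the login path retires the MD5 layer entirely for those who do.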
