AutoGuide Servers Hacked? - The Saab Link Forums

Old 06-15-2016, 09:05 AM   #1
SAAB Road Master
 
Join Date: Aug 2010
Location: Nova Scotia, Canada
Posts: 398
AutoGuide Servers Hacked?

45 Million Accounts Hacked At Some Of The Biggest Car Forums


This article indicates that VerticalScope / AutoGuide accounts were hacked and info leaked. Could an AGadmin please comment?

..
jimbosaab is offline  
Old 06-15-2016, 08:12 PM   #2
Elder
 
Join Date: Mar 2006
Location: Lima Ohio
Posts: 3,061
oh no, not my super secure saablink account with all my life secrets....
__________________

stg 5 99 9-3 coupe
96 900se sold
VWSAABVT is offline  
Old 06-16-2016, 05:09 AM   #3
SAAB Road Master
 
Join Date: Aug 2010
Location: Nova Scotia, Canada
Posts: 398
Quote:
Originally Posted by VWSAABVT View Post
oh no, not my super secure saablink account with all my life secrets....

very true, but some members might care a little, so I figured why not see what the Admins have to say...
jimbosaab is offline  
Old 06-16-2016, 07:15 AM   #4
Helena
Site Admin
 
Join Date: Apr 2011
Posts: 494
Hi guys,

We had an announcement posted in the community for moderators and users as well. Looks like this forum is missing the one for the community. Please stand by while we hook up the announcement thread for you guys as well.

All questions should be directed there.

Lee
AGadmin is offline  
Old 06-26-2016, 08:33 AM   #5
SAAB Road Master
 
Join Date: Aug 2010
Location: Nova Scotia, Canada
Posts: 398
https://www.saablink.net/forum/saab-l...rum/112402.htm

The thread you created was vague on the cause

VerticalScope.com

But this notice link that showed up later, seems to cover the cause and effect info.

If the passwords were 'hashed' then they should be pretty useless. I'm sure our email addresses are on numerous spam lists already anyway.
jimbosaab is offline  
Old 06-28-2016, 05:58 AM   #6
Drew In Houston
Elder
 
Join Date: Aug 2006
Posts: 2,864
My old profile had +2000 posts since 2006. No response to requests for assistance, complete mishandling of things in the first place, continued mishandling after discovery.

Vertical Scope seems to be run by a bunch of amateur clowns running around honking each other's noses, honk honk.. The only value they add seems to be the poorly targeted spamming of their own site--I'm just about finished with this place. I miss Blaque Out, he didn't spam his own site and he never even handed my password to the Nigerian princes.

Mandatory global password resets and additional cyclic timeouts is a pain that's unnecessary, it was their mishandling, the fact that they don't know how to secure their investment that caused the issue. Not me using a simple static password of my choice.

It's asinine to implement new arbitrary and unrelated rules on a user base as a remedy to something that was clearly a royal screwup on their part. All they had to do was announce the compromise, fix their backend, and recommend users change passwords if they cared. Done. Instead they project their incompetence globally as a knee jerk reaction and further devalue the site.

Last edited by Trionic3000; 06-28-2016 at 06:52 AM.
Trionic3000 is offline  
Old 06-29-2016, 12:29 PM   #7
Helena
Site Admin
 
Join Date: Apr 2011
Posts: 494
Hey there,
Sign out of your account. Clear the login info and click "login". Once at that page, click on the forgot password area.
If that is not working for you, check your spam/junk folder, and see if it’s there.

If it’s not there, go to the bottom of the page, and click on the contact us area. This will direct you to the mainline to our manual password reset area. In the subject line write "password reset" and put in the info of your account name, email on the account, and email it needs to be changed to if need be. Someone will be in touch with you shortly about it. Just be patient, we are working hard to get all these matters sorted. Thanks again all.

~Shane
AGadmin is offline  
Old 06-29-2016, 01:22 PM   #8
Drew In Houston
Elder
 
Join Date: Aug 2006
Posts: 2,864
I already sent two requests, no response.

Please reset my old account to my old simple password that worked for 8+ years until you guys screwed up, thanks.

In other related news http://theonion.com "AutoGuide/Vertical Scope Receives Award For Illegal Clinton Private Email Server Password Management: Most Effective 2016 Information Distribution"

Quote:
Originally Posted by AGadmin View Post
Hey there,
Sign out of your account. Clear the login info and click "login". Once at that page, click on the forgot password area.
If that is not working for you, check your spam/junk folder, and see if it’s there.

If it’s not there, go to the bottom of the page, and click on the contact us area. This will direct you to the mainline to our manual password reset area. In the subject line write "password reset" and put in the info of your account name, email on the account, and email it needs to be changed to if need be. Someone will be in touch with you shortly about it. Just be patient, we are working hard to get all these matters sorted. Thanks again all.

~Shane

Last edited by Trionic3000; 06-29-2016 at 01:42 PM.
Trionic3000 is offline  
Old 06-29-2016, 02:56 PM   #9
Elder
 
Join Date: Dec 2006
Location: Los Angeles, CA
Posts: 3,020
What was your old account?

Also, it said pretty clearly that now you have to have a password with multiple caps, lower-case, symbols, etc., to make it more secure, so they can't turn it back to the way it used to be.
__________________
(Former) Saab Tech / Competition Prep

Quote:
You still don't understand. This is like trying to explain calculus to a clam.
DrewP is offline  
Old 06-29-2016, 03:28 PM   #10
Drew In Houston
Elder
 
Join Date: Aug 2006
Posts: 2,864
Quote:
Originally Posted by DrewP View Post
What was your old account?

Also, it said pretty clearly that now you have to have a password with multiple caps, lower-case, symbols, etc., to make it more secure, so they can't turn it back to the way it used to be.

Yes captain obvious but you miss the point.

Pretty clearly the 'remedy' of impressing stronger password requirements on users isn't actually in alignment with the problem. It's pretty similar to 'never letting a good emergency go to waste'--theory for implementing new arbitrary rules (that parallel is giving these guys too much credit though I think because it implies that there is actually a plan lol).

The actual problem was/is poor administration, compounded with poor/arbitrary decision making after the fact, not simple passwords and not cyclic password refresh rules.

Drew in Houston

Last edited by Trionic3000; 06-29-2016 at 03:36 PM.
Trionic3000 is offline  
Old 06-29-2016, 04:15 PM   #11
Drew In Houston
Elder
 
Join Date: Aug 2006
Posts: 2,864
But for real Drew, no offense intended to you, and in the grand scheme it's really a small thing. I just hate to see things mismanaged like that when it so easily wouldn't have to be that way with better decision making.

It would be interesting to see a count of users who have active passwords before/after, as well as traffic stats. This place has been winding down anyway, but I bet there's a difference, and I bet it's not a good difference.

Anyone into a group buy to try to purchase the site? I've been planning a quaife 6-sp gearset purchase but it might be more fun to unvest a few g's here. It's definitely not worth as much as it was a month ago lol.

Last edited by Trionic3000; 06-29-2016 at 04:36 PM.
Trionic3000 is offline  
Old 06-29-2016, 09:52 PM   #12
Moderator
Site Moderator
 
Join Date: Aug 2007
Location: Priustown/Teslaville
Posts: 4,441
Trionic, what was your old username?
__________________
88 900TC / 02 Viggen / 90 911 C2 / 03 4Runner / 18 V90
jk88 is offline  
Old 06-30-2016, 10:20 AM   #13
Elder
 
Join Date: Sep 2004
Location: Annapolis, MD
Posts: 2,522
Come on... he didn't even have to say who it was to know who it was.

It's DrewinHouston.
__________________
Craig R.
2008 9-5 Aero-1995 900T 'vert
g96nt is offline  
Old 06-30-2016, 11:00 AM   #14
Elder
 
Join Date: Dec 2006
Location: Los Angeles, CA
Posts: 3,020
No worries. A lot of the corporate password / credit card / meta-data hacks the last few years basically make it sound like amateur hour a lot of places anyway.

Pretty inconvenient.

It was way overdue for me to change up my passwords anyway. I think that is just sort of the way the world works now.

I hope you get your login sorted out. I bet VerticalScope is way in the deep end right now with angry users, since they have whatever it is, hundreds of sites? This is one of the little bitty ones, but VWVortex must have thousands of active users, and I bet that they are all maaaaaaaad.
__________________
(Former) Saab Tech / Competition Prep

Quote:
You still don't understand. This is like trying to explain calculus to a clam.
DrewP is offline  
Old 06-30-2016, 11:28 AM   #15
Moderator
Site Moderator
 
Join Date: Aug 2007
Location: Priustown/Teslaville
Posts: 4,441
Doing what I can to make you feel like your old e-self, see below.
Attached Images
File Type: png Screen Shot 2016-06-30 at 12.31.15 PM.png (10.2 KB, 0 views)
__________________
88 900TC / 02 Viggen / 90 911 C2 / 03 4Runner / 18 V90

Last edited by jk88; 06-30-2016 at 11:32 AM.
jk88 is offline  
Old 06-30-2016, 02:35 PM   #16
Drew In Houston
Elder
 
Join Date: Aug 2006
Posts: 2,864
Quote:
Originally Posted by jk88 View Post
Doing what I can to make you feel like your old e-self, see below.

Sweet that's awesome haha

What do you guys think a ballpark cash value is for this place? Anyone know what Cedric sold it for? I can't imagine it's very much money, especially now.
__________________
Co-Founder:
First T7 19T turbo setup. First T7 Deka 80lb. injector setup.
Trionic3000 is offline  
Old 07-01-2016, 11:12 AM   #17
Elder
 
Join Date: Dec 2006
Location: Los Angeles, CA
Posts: 3,020
No idea, and the complete lack of more communication from VerticalScope is kind of telling.

Unless it's an article about the ten best affordable convertibles for the summer are....
__________________
(Former) Saab Tech / Competition Prep

Quote:
You still don't understand. This is like trying to explain calculus to a clam.
DrewP is offline  
Old 07-01-2016, 11:28 AM   #18
Moderator
Site Moderator
 
Join Date: Aug 2007
Location: Priustown/Teslaville
Posts: 4,441
They'll take $300 for it, or $250 if paid through Auto Escrow.
__________________
88 900TC / 02 Viggen / 90 911 C2 / 03 4Runner / 18 V90
jk88 is offline  
Old 07-05-2016, 06:58 AM   #19
Helena
Site Admin
 
Join Date: Apr 2011
Posts: 494
Hey Guys,

I just want to post here to shed a little more light on the situation, at least as much as we can provide at the moment.

A 3rd party plugin that we and other networks use had its developers compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, newsletters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, LinkedIn etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Though this breach happened in Feb, we were not notified until very recently. We worked hard to find a solution for this mess, and acted on it. Though it may not be ideal in some eyes, it is the best we have access to ATM.
Once the storm settles we may look into other methods for our security, but right now we ask that you be patient with us.

As for us not responding to members, you have to understand our community support team watches over many sites. Luckily this week and last, we have had many members from other teams offer help. With that said all emails sent to our Contact Us email will be dealt with. Granted, it may take a little time for us to get to all of them, but please be patient with us as we are working really hard to catch up and help everyone.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.
AGadmin is offline  
Old 07-05-2016, 11:43 AM   #20
Drew In Houston
Elder
 
Join Date: Aug 2006
Posts: 2,864
Richard, how much to purchase the site from you guys, for real?

Whoever developed your business model to consolidate advertising bargaining in a bigger way by gathering up ownership of all the auto related mom and pop sites had a really great idea for sure.

Unfortunately now that you've done it, you guys bring zero additional value to those sites--you literally spam your own sites with poorly targeted unrelated content.

And now arbitrarily forcing everyone to globally change passwords as a knee jerk reaction for something totally unrelated, mishandling that in addition to the initial compromise, while claiming to not have the resources to actually handle the task is really stupid.

Quote:
Originally Posted by AGadmin View Post
Hey Guys,

I just want to post here to shed a little more light on the situation, at least as much as we can provide at the moment.

A 3rd party plugin that we and other networks use had its developers compromised. Their DB was breached and data was scraped. I can't ID the plugin as it's under legal investigation. However I can say that it had access to user data because it functions separately from the vb software. Many plugins do this, chats, newsletters, mobile apps etc. This is not an active breach, however as a precaution we did initiate security updates including password changes and new pass requirements.

Their system was compromised and they grabbed user data for us and thousands of others.
We cleared our part of the breach and went this route to further security.
This is also in place as many members on the internet use the same or similar passwords across all things they use.

Hackers who have access to these accounts, may be able to access other platforms where the same email and/or passwords are used.
Other platforms have been compromised as well, including Twitter, LinkedIn etc. We are just trying to get ahead of this, and nip it in the bud as soon as possible.

We cannot go into detail at the moment as it is being dealt with on a legal level.

Though this breach happened in Feb, we were not notified until very recently. We worked hard to find a solution for this mess, and acted on it. Though it may not be ideal in some eyes, it is the best we have access to ATM.
Once the storm settles we may look into other methods for our security, but right now we ask that you be patient with us.

As for us not responding to members, you have to understand our community support team watches over many sites. Luckily this week and last, we have had many members from other teams offer help. With that said all emails sent to our Contact Us email will be dealt with. Granted, it may take a little time for us to get to all of them, but please be patient with us as we are working really hard to catch up and help everyone.

If there are any other questions/concerns/feedback, please feel free to post them here.

Thank you for your patience and understanding,

Richard.
__________________
Co-Founder:
First T7 19T turbo setup. First T7 Deka 80lb. injector setup.
Trionic3000 is offline  