Skip to navigation
Latest News

LulzSec hackers leak 62,000 email logins

email devil

By Nicole Kobie

Posted on 16 Jun 2011 at 13:32

Hackers Lulz Security have released a collection of 62,000 email addresses and passwords, encouraging their followers to test the details on Facebook and other websites.

The collection of login details - seen by PC Pro - was seemingly released as a reward for "flooding" an online forum earlier in the day.

The document doesn't say where the email addresses and passwords were taken from, but suggests they're from a variety of sources.

"These are random assortments from a collection, so don't ask which site they're from or how old they are, because we have no idea," LulzSec says in the file. "We also can't confirm what percentage still work, but be creative or something."

We also can't confirm what percentage still work, but be creative or something

Followers have done just that, and started posting screenshots of hacked Facebook, Amazon and other accounts, showing they've gained access.

One user bought several books on Amazon using one of the accounts, while another accessed an online dating service, changing profile pictures to sexual content. Others claimed to have gained entry to online retailers and PayPal.

The LulzSec Twitter feed suggested the email collection had been downloaded thousands of times within the first few minutes.

LulzSecurity jumped into the headlines after hacking Sony Pictures, and has since targeted the US Senate and the CIA. Earlier this week, LulzSec leaked logins from a porn site, encouraging users to try the passwords on Facebook; the social network locked down the affected accounts in time, however.

Twitter has yet to block the account, despite the firm frequently shutting down Anonymous accounts when that hacking group used the site to organise DDoS attacks.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Okay, so all of you who are so besotted with these criminals..

are you still glad that it's our friendly Lulzsec that did the deed, and not a "malicious" organisation? Because this sounds about as malicious as it gets.

I'd be interested to hear how any of you haxxor-fanbois try and justify this.

By TheHonestTruth on 16 Jun 2011

I'd be amazed if they had the guts to show their virtual faces

By Aspicus on 16 Jun 2011

What is it they say about assumptions...?

Why do you assume that because somebody can be open minded enough to see the benefits in; and agree with some of the actions of a group, [or 'fanbois' as you call them] that they will agree with all of their actions?


Without knowing where this info came from, I can see *little* benefit in this being made public.


The only pro in this is that all the details are public now, so that they can be acted on and secured.

A much more malicious and lucrative action would obviously have been to keep them private, then use or sell them for financial gain.


Of course any person with an open mind to the bigger picture in things could have garnered this info themselves, closed narrow minded posts from individuals like the above, show that they either can't or choose not to.


:p

By Anonymouse on 16 Jun 2011

That is my virtual face at the bottom of the previous post btw.

By Anonymouse on 16 Jun 2011

Passwords stored as text

Any website that still stores their users' passwords in text format (and not encrypted) should be named, shamed and fined - this is the only practical way hackers could have gained the passwords.

An easy way to tell if the website you frequent has done it, is to press the "Forgotten password" link. If your password is emailed to you, then it is stored unencrypted. If a random password is generated, then your password is probably stored encrypted.

By mnj_lim on 16 Jun 2011

Well done PC Pro

And just tried it on PC Pro - looks like our passwords are stored encrypted.

By mnj_lim on 16 Jun 2011

Good point mnj...

Even a relatively inconsequential forum has the sense to use a secure password system, and what is the worst possible outcome of your forum account getting hacked?
Maybe a banned account?

The obvious problem with all these 'hacks' is that they were able to happen at all.

By Anonymouse on 16 Jun 2011

Email Encryption

Everyday you read about well known companies having security breaches (Epsilon, Best Buy, Sony, etc). I don't feel that companies do enough to protect my personal info so I will think twice before providing businesses with any personal info. Everyone needs to be smart about protecting their personal data. I use this free service to send and receive encrypted emails at this secure web site: https://www.sendinc.com/ It ensures my messages are stored and transmitted securely, and that only I and my recipients have the capability to decrypt your message data.

By tnguyengp on 16 Jun 2011

Unbelievable, just unbelievable

@Anonymouse, you are as eligible for the title of “fanboi” as it gets. And it seems you’re still trying to justify their actions in ever more fantastical ways.

And as for:

“A much more malicious and lucrative action would obviously have been to keep them private, then use or sell them for financial gain.”

I completely disagree with that. It’s incredibly malicious and downright callous to simply release thousands of potentially live logins for a totally random collection of people, to absolutely anyone on the internet (many of whom may well use it for those “much more malicious” actions). And you really can’t see that?

No need to be “polite” and reply to this post, as I’m sure you will simply throw around your usual random insults of “narrow-mindedz”, “ignoring factz”, “stoopid”, etc, etc :)

By TheHonestTruth on 17 Jun 2011

Lets look at the definition of fanboi.....


"Someone who is hopelessly devoted to something and will like anything associated with thier particular thing."


"Geek Term related to forum users who think a product/company/person can do no wrong"



Was it not clear enough in my previuos post?

I don't think this specific 'release' was a good idea.




"It’s incredibly malicious and downright callous"

I didn't say it isn't malicious, I said it would be "much more malicious" to keep them and use them without telling the world that they are available.


Although as you are seemingly unable to spell properly I'm not sure you have the capability to understand such a subtle point, so let me explain again...

Details that have been made public are basically worthless.

By Anonymouse on 17 Jun 2011

My, oh my, oh my

"I don't think this specific 'release' was a good idea"
Is not the same as:
"it was WRONG and shouldn't have been done"

Again, as usual, as per normal, etc, etc, it seems you are unwilling (or unable?) to understand this most basic of points, and you simply cannot bring yourself to condemn their actions.

According to your helpful definition of “fanboi”, this puts you plum in that category, my friend! :)


And, yet again I ask you: how can you get much more malicious? “Hey, I’m only releasing these valid names and passwords for I-don’t-even-know-who, to the whole world to abuse, so I’m only a bit malicious, but I fully wash my hands of anything that happens once these are in the wild.” Sony has been dragged to the dogs because someone else released their data – can you even imagine what would have happened if they had deliberately released valid customer data themselves?


“Details that have been made public are basically worthless”

Perhaps.. but ask yourself how the information has been made public and to whom? Making them public to the thousands of your fellow hacker fanbois has resulted in wholesale Amazon and online store purchases being made, and social media accounts infiltrated.

So, yes, the details might be worthless now, but only after they have been fully stripped of their worth by your friends.

And ask the non-techy gentleman who lives next door if he knows that his Amazon account details may have been released by Lulzsec, and their devotees may be accessing his rarely-used but serviceable account right now?

As someone else commented, the world contains many people who, rightly, do not read this, or any other, technology website. Are they themselves to blame, as you will simply say it was a “harsh lesson” well intended, and they should convert themselves into a tech security geek asap? Or is it the BBC’s fault that they have not broadcast each and every login to make sure their owner can make it worthless before the Twitter-followers compromise their accounts?

By TheHonestTruth on 17 Jun 2011

In my book...

saying something is not a good idea, is synonymous with saying...

"it was wrong and shouldn't have been done"


I see now where our troubles are coming from, you clearly need every word and syllable spoon-feeding to you at an infant school level.


TBC.

By Anonymouse on 17 Jun 2011

Defintion of a fanboi....

is somebody who agrees with everything, yet I don't agree with his, and i'm still a fanboi?


Do I really need to spoonfeed you such a basic understanding of the english language?

By Anonymouse on 17 Jun 2011

My friends...

I would be proud to call such intelligent and capable people 'friends' however I can claim no such thing.

By Anonymouse on 17 Jun 2011

Malicious....

I'm not even going to trythis one again.

Any semi-intelligent pesoin can see how this could be *more* malicious.

(note the asterisk around the word "more", do I really need to define more for you?)

By Anonymouse on 17 Jun 2011

Who has it been made public too....

Everybody in the whole world.

(that is kind of the definition of 'public')

By Anonymouse on 17 Jun 2011

And lets not forget...

I don't agree with this release, it seems to serve no purpose other than lulz, and lets not forget that's what they are in it for.

Just cos I and others can see benefits in their other releases is a totally seperate issue.

By Anonymouse on 17 Jun 2011

You clearly are missing most points...

Just cos their is some benefits to what they do, that doesn't mean that is why *they* do it.

But you will need an open mind to enable such thought.

By Anonymouse on 17 Jun 2011

....................................................

"As someone else commented, the world contains many people who, rightly, do not read this, or any other, technology website. Are they themselves to blame, as you will simply say it was a “harsh lesson” well intended, and they should convert themselves into a tech security geek asap? Or is it the BBC’s fault that they have not broadcast each and every login to make sure their owner can make it worthless before the Twitter-followers compromise their accounts?"



Sort of a gree with you there, without knowing where the details come from I see no real benefit in releasing them.


I can try to reiterate that in Dr Zeus style writing if it will make it easier for you to parse?

By Anonymouse on 17 Jun 2011

Just one last time.....

I do not think that this release is a good idea, that is to say I think it is wrong, I do not agree with it, it is bad, it is not good, me no likey.

By Anonymouse on 17 Jun 2011

Here it is in the simplest of all languages.. binary....

01001001001000000110010001101111001000000110111001
10111101110100001000000111010001101000011010010110
11100110101100100000011101000110100001100001011101
00001000000111010001101000011010010111001100100000
01110010011001010110110001100101011000010111001101
10010100100000011010010111001100100000011000010010
00000110011101101111011011110110010000100000011010
01011001000110010101100001001011000010000001110100
01101000011000010111010000100000011010010111001100
10000001110100011011110010000001110011011000010111
10010010000001001001001000000111010001101000011010
01011011100110101100100000011010010111010000100000
01101001011100110010000001110111011100100110111101
10111001100111001011000010000001001001001000000110
01000110111100100000011011100110111101110100001000
00011000010110011101110010011001010110010100100000
01110111011010010111010001101000001000000110100101
11010000101100001000000110100101110100001000000110
10010111001100100000011000100110000101100100001011
00001000000110100101110100001000000110100101110011
00100000011011100110111101110100001000000110011101
10111101101111011001000010110000100000011011010110
01010010000001101110011011110010000001101100011010
0101101011011001010111100100101110

By Anonymouse on 17 Jun 2011

"I fully wash my hands of anything"

How are they washing their hands of anything?

If they get caught they will be held accountable for everythig they have partaken in.


It is just simple common sense (only an idiot can't see) that if you have private personal data such as this, there are any ways to make money of such info, telling the whole world the info is not one of those ways, and it would not give you any sort of immunity that you imply, as the police are likely not as idiotic as your posts portray you as.

By Anonymouse on 17 Jun 2011

RE: The definition of "fanboi"

Take another look at that definition...

"Someone who is hopelessly devoted to something and will like anything associated with thier particular thing."


The most active word in that sentence is "anything" it is an unarguable, undeniable and all encompassing word.


It means quite literaly 'every thing'

The simple fact that I don't agree with this one thing [amongst others] clearly puts me outside the remit of the word 'fanboi'

************************

Now one has to ask themselves the question; Can somebody who is unable to comprehend an excruciatingly basic word such as 'everything'..... be in any sort of position to debate anything of any level where at least a modicum of inteligence is required to grasp the finer aspects of what can be an emotional subject.


This is assuming you are making these mistakes involuntarily.

I'm really not sure tbh.

By Anonymouse on 17 Jun 2011

Stop the presses!

I have just come from replying to another post made by the user called [rather misleadingly] TheHonestTruth...

I suggest anybody trying to understand his views on this situation go and view the comments over there, and keep in mind why Guantanamo Bay exists!....


http://www.pcpro.co.uk/news/368083/lulz-rampage-co
ntinues-with-attack-on-cia-website

By Anonymouse on 17 Jun 2011

Crikey, a veritable bounty of replies by one person!

Well, it seems I touched a nerve :)

Unfortunately, there are far too many silly points to respond too, most of which seem to be going over your usual nonsensical rubbish that either clearly ignores or simply misunderstands everything in my previous post, so I suggest you just go back and read it. Some of us have jobs and can’t sit here replying all day!

As you seem to be having a little language trouble again, I will illustrate my main point yet again: Invading Iraq was not a good idea, but was it wrong? Conversely, flying a plane into the Twin Towers wasn’t ultimately a good idea for Bin Laden, but did he consider it wrong? So is “not a good idea” and “wrong” the same thing? Come on now, engage those seldom-employed grey cells for once! Most pre-school children can understand the difference.

And I stand proudly by my post about sending these hackers to jail (even/especially Guantanamo): these kids have to learn that they aren’t untouchable and above the law. In my opinion, their attacks on innocent people and internet organisations for their own selfish, irresponsible ends in a bid to instil fear and deprive the ordinary people of normality does fit the definition of terrorism quite well.

I shall now end my involvement in this thread, as it’s gotten rather out of hand, so sincere apologies to other readers - I didn’t realise how riled our friend, Anonymouse, would become :)

By TheHonestTruth on 20 Jun 2011

Touched a nerve...?

tl;dr

I said it quite clearly [as usual] you needed it spoonfeeding to you.


Hackers arn't terrorists you preposterous little individual.

By Anonymouse on 20 Jun 2011

Golden Rule

The golden rule that you should not do to others what you would not like done to yourself surely applies. Would any of the hackers like it if their own personal email accounts were compromised? Of course not.

The sensible thing to do, had they wished to abide by civic responsibility, as fine upstanding citizens, would have been to send emails to all the persons concerned, to warn them that they ought to change their account passwords. But did they do that? No.

By fogtax on 23 Jun 2011

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.