LulzSec Releases Over 62,000 Hacked Passwords

pythonic13 wrote: "seems legit"

Of course it's legit, why wouldn't you think so?

Seriously now, I really do not understand who falls for all the phishing that's going on today.. you are the 1000000000000000th visitor - click here. Although I know it's sad, people who fall for most phishing scams deserve to suffer the consequences - maybe that way everyone would understand the risks and stop falling for every possible scam, and we would have a cleaner Internet.
 
The funniest thing about LulzSec is the backlash from all of these people who think everything they post online is sacred, when you're the morons posting "Happy 3rd birthday to my little Johnny!" "Check out my package" and "OMG I'm so wasted" **Jim has checked in at local dive bar**

ANYTHING on the internet has almost instantly become public, get this through your skulls and you will laugh at most of what LulzSec does.
 
This is getting out of hand already.... they're openly promoting some kind of anarchic "do what you want with other people's stuff" sh**, and what disturbs me more: people are doing it
 
otacon72 wrote: "LulzSec is a bunch of cockroaches that need to be squashed. Oh they use SQL injection...big freakin deal."
Yes, it's a big freakin deal. I would expect a company with a low profile to not care about SQL injection attacks, but large companies ignoring it is like a bank saying that your money is secure in their safe made out of cardboard. It's a problem so easy to fix but they simply don't care.
 
Enough is enough, the lulz are over. While I enjoyed a great many of them, it's time to start taking them down with guns drawn any way you can before they start churning out nuclear launch codes or IFF codes.
It's all fun and games until somebody pokes an eye out, as the saying goes.
 
LulzSec also has hacked EveOnline and attempted to do the same thing. They did do a massive attack on the login server which brought it down for a few hours during peak play times. Also in their attack they crashed the website and many other functions.
These leeches, if they can't steal passwords or other items, they just attack the server enough to force it down. Someone just needs to kick these kids in the balls
 
An alphanumeric random string is only slightly more secure than something like "zyzyzyzy". With the exception of dictionary words, a brute force attack specifically targeting you can't get your password, no matter the length or content. Virtually every server that has a login feature also watches for bruteforcers.

To bruteforce "zyzyzyzy" you would have to do more than 26^8 tries. If you get even 100 login attempts at "joesmoes" account, you know something is wrong. The most basic server security can watch for this. This is only for an attack on one account though. The indirect type of brute force tries many password-email combos and gets maybe a few percent of them (they use proxies to avoid IP detection).

This article leaves out all the details but my guess is they got writerspace's user database and associated emails (they don't even need the passwords) and cross referenced them with common book words for passwords. By using a large proxy list, this would be a very hard to detect indirect bruteforce.

If they got the passwords from writerspace as well, this would be even easier. They would just have to check for password reuse. Xkcd explains this better than I could: http://xkcd.com/792/

Also, to whoever mentioned SQL injection, it's outdated. Only very small, personally owned servers wouldn't have protection against it. There are far better and more modern ways to extract information from a server.
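
Added example (not part of the thread or any poster's code): a sketch of the server-side monitoring the post above describes, flagging both a direct brute force on one account and the "indirect" pattern spread over many accounts and proxy addresses. The log tuples, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Thresholds are assumptions tuned to the constructed data below.
PER_ACCOUNT_FAILS = 100   # the post's "100 login attempts" on one account
WINDOW = 600              # bucket size in seconds
SPRAY_ACCOUNTS = 50       # distinct accounts failing within one bucket
SPRAY_FAIL_RATIO = 0.8    # share of attempts in the bucket that failed


def detect(events):
    """events: iterable of (epoch_seconds, ip, account, success) tuples."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[ev[0] // WINDOW].append(ev)
    alerts = []
    for bucket, evs in sorted(buckets.items()):
        fails = [e for e in evs if not e[3]]
        per_account = defaultdict(int)
        for _, _, account, _ in fails:
            per_account[account] += 1
        # Direct brute force: one account hammered with guesses.
        for account, n in sorted(per_account.items()):
            if n >= PER_ACCOUNT_FAILS:
                alerts.append(("account_bruteforce", bucket, account))
        # Indirect attack: no single account or IP stands out, but the
        # site as a whole sees many different accounts failing at once.
        ratio = len(fails) / len(evs)
        if len(per_account) >= SPRAY_ACCOUNTS and ratio >= SPRAY_FAIL_RATIO:
            ips = {e[1] for e in fails}
            alerts.append(("credential_stuffing", bucket, len(per_account), len(ips)))
    return alerts


def sample_events():
    """Constructed log data covering three 10-minute buckets."""
    evs = []
    # Bucket 0: normal traffic, 40 users, a few mistyped passwords.
    for i in range(40):
        evs.append((i, f"198.51.100.{i}", f"user{i}", i % 10 != 0))
    # Bucket 1: 120 guesses against one account from one address.
    for i in range(120):
        evs.append((600 + i, "203.0.113.7", "joesmoes", False))
    # Bucket 2: 200 accounts, one try each, 200 different proxy addresses;
    # a few percent succeed because the password was reused.
    for i in range(200):
        evs.append((1200 + i, f"192.0.2.{i}", f"victim{i}", i % 33 == 0))
    return evs
```

A per-account or per-IP counter alone would miss bucket 2, where every account and every address appears exactly once; only the site-wide view of distinct failing accounts catches it.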
 

Like the ones Sony use.
 
hey it works 😀... and there's someone nice that's emailing all the emails that are in the list 😀

From: Whilliam Schmidt
To: xxxxx
Date: Fri, Jun 17, 2011 xxxx am


Sadly my friend, it looks like your email address and password are being passed
around.

I'm no security expert, but I noticed a link to this big file with a ton of
people's account info in it.

I felt obligated to write a little program to email everyone in there. The entry
I got your email address from reads:

xxxxx | xxxxx@xxxxx.com |


So I STRONGLY suggest you change that right away, rumor is many many accounts
have already been abused (mean things over facebook, paypal and so on)..

Hopefully my emailing everyone in there will save at least one person a lot of
grief. Even more hopefully, you will have already been contacted by someone
else. I'm completely an individual, trying to lend a hand.

Good Luck,
-Whilliam
 
and Amazon is very nice :)

Hello xxxxx,

This is an important message from Amazon.com

At Amazon we take your security and privacy very seriously. As part of our
routine monitoring, we discovered a list of email address and password sets
posted online. While the list was not Amazon-related, we know that many
customers reuse their passwords on several websites. We believe your email
address and password set was on that list. So we have taken the precaution of
resetting your Amazon.com password. We apologize for any inconvenience this has
caused but felt that it was necessary to help protect you and your Amazon
account.

To regain access to your Amazon customer account:

1. Go to Amazon.com and click the "Your Account" link at the top of our
website.

2. Click the link that says "Forgot your password?"

3. Follow the instructions to set a new password for your account.

Please choose a new password and do not use the same password you used with us
previously. We also highly recommend that you choose a password that you are not
using on any other sites. We look forward to seeing you again soon.

Sincerely,

Amazon.com


Please note: this e-mail was sent from an address that cannot accept incoming
e-mail. To contact us about an unrelated issue, please visit the Help section of
our website.
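
Added example (not Amazon's code and not part of the thread): one way a site could act on a published credential list as the notice above describes, testing each leaked pair against its own salted hashes and forcing a reset only where the leaked password still works. The `email | password` dump layout, the PBKDF2 parameters, and all names and sample data are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption; use your production KDF and cost


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def parse_dump(lines):
    """Yield (email, password) from 'email | password' lines (assumed layout)."""
    for line in lines:
        # Split once so a '|' inside the password survives.
        parts = [p.strip() for p in line.split("|", 1)]
        if len(parts) == 2 and "@" in parts[0] and parts[1]:
            yield parts[0].lower(), parts[1]


def triage(dump_lines, users):
    """users: {email: (salt, stored_hash)}. Returns {email: action}."""
    actions = {}
    for email, leaked in parse_dump(dump_lines):
        record = users.get(email)
        if record is None:
            continue  # address is not one of our accounts
        salt, stored = record
        if hmac.compare_digest(hash_password(leaked, salt), stored):
            actions[email] = "force_reset"       # leaked password works here
        else:
            actions.setdefault(email, "notify")  # address exposed, password differs
    return actions


def sample():
    """Constructed accounts and dump lines."""
    users = {}
    for email, pw in [("alice@example.com", "dragon1"),
                      ("bob@example.com", "x9!Lq7vT"),
                      ("dave@example.com", "pa|ss")]:
        salt = os.urandom(16)
        users[email] = (salt, hash_password(pw, salt))
    dump = [
        "alice@example.com | dragon1",   # same password reused here
        "BOB@example.com | hunter2",     # different password on this site
        "carol@example.net | letmein",   # not a customer
        "dave@example.com | pa|ss",      # password containing the separator
        "malformed line without separator",
    ]
    return triage(dump, users)
```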
 
Sorry guys, but I just forwarded everyone here's email to lulzsec. All your negativity bores me :3
 