dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
5903

Krisnatharok
PC Builder, Gamer
Premium Member
join:2009-02-11
Earth Orbit

Krisnatharok

Premium Member

LulzSec Hits Facebook, Paypal Next

Any idea how to find out if one's account was compromised? It appears Paypal's login is down.
said by CBC News Canada :

Facebook, Paypal accounts released by hackers

The hacker group Lulz Security is claiming it released log-in information for 62,000 private internet accounts Thursday, including Facebook, PayPal, dating sites, Xbox Live and Twitter.

The list is mostly American accounts but includes hundreds of Canadians, including a CBC journalist from Prince Edward Island, and employees of all three levels of government, including provincial public servants in Alberta, Nova Scotia, and Prince Edward Island and at least one municipal worker in Whitehorse.
Who's on the list

CBC reporter Laura Chapin pored through the list and found more than a hundred email addresses ending in .ca in the top sixth of the list, including:

Federal government workers from Service Canada, Passport Canada, and Public Safety Canada.

Provincial government workers in Prince Edward Island, Nova Scotia and Alberta, including at least one from the P.E.I. Department of Justice and Public Safety.

Municipal government workers from several cities, including Whitehorse.

Dozens of personal addresses.

Canadians may also be included among the email addresses that don't end in .ca.

The list shows that the most common password is 123456, which shows up almost 600 times. Another very common password is "romance."

Other countries whose citizens were hacked include the United Kingdom, Australia, New Zealand and Brazil.

On its Twitter account, LulzSec said it uploaded the file to a file-sharing site Thursday morning. The site took it down, but it was uploaded again Thursday evening and taken down once more. LulzSec reported thousands of downloads before it was removed.

The group's Twitter feed contains bragging from people who claim to have taken the information and logged on to people's personal sites: taking money from PayPal accounts, replacing dating site profile pictures with pornographic images, and engaging in chats using other people's Facebook accounts.

"Envelope yourself in the sickening realization that you secretly love f--king someone's Facebook life beyond repair," says one tweet from LulzSec.


Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn

Premium Member

I just logged in and it reports my last login session was on: May 13, 2011 21:22 GMT-04:00. My account status and history are all normal.

red2
@fastwebnet.it

red2 to Krisnatharok

Anon

to Krisnatharok
For whaever it's worth, I was just able to log in. It was somewhat slower to load than usual.

I guess Lulz is just a group of anarchists, trying to cause as much disruption as possible while drawing attention to themselves. They seem to be baiting someone to catch them. Can anyone possibly be that good that they don't make a mistake or leave a trace somewhere leading to their being caught?

coldmoon
Premium Member
join:2002-02-04
Fulton, NY

2 recommendations

coldmoon

Premium Member

said by red2 :

...Can anyone possibly be that good that they don't make a mistake or leave a trace somewhere leading to their being caught?

No, they will get caught at some point. It is just a matter of when, not if...

JMHO

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to Krisnatharok

Premium Member

to Krisnatharok
My FB account is normal as normal as an FB account can be.

Thanks for this.

Krisnatharok
PC Builder, Gamer
Premium Member
join:2009-02-11
Earth Orbit

Krisnatharok to coldmoon

Premium Member

to coldmoon
said by coldmoon:

said by red2 :

...Can anyone possibly be that good that they don't make a mistake or leave a trace somewhere leading to their being caught?

No, they will get caught at some point. It is just a matter of when, not if...

JMHO

Well they pretty much declared war on the CIA by taking down their public website. If that's not asking for it, I don't know what is.
Krisnatharok

Krisnatharok

Premium Member

Don't be this guy:

Soon after the accounts were posted Thursday, Lulzsec followers started to say, via Twitter, that they had accessed Facebook, Twitter and online gaming accounts. "I am now an level 85 human warrior on mal'ganis server," wrote one follower, called Miracle Joe, referring to a server used by World of Warcraft gamers.

"Got an Xbox Live, Paypal, Facebook, Twitter, YouTube THE WHOLE LOT! J-J-J-J-J-J-JACKPOT," wrote another follower, Niall Perks. The "idiot had the same password for everything," he later explained.

Others claimed that they'd chatted with friends of the victims or posted obscene photos or messages to their profile pages.

Crowell, a property assessment specialist with the Wisconsin Department of Revenue in Milwaukee, describes herself as a "boring old lady on the Internet." Though she knew better, she reused her passwords, including the one she used at both Amazon and Writerspace.com. "Everyone knows that everyone uses the same password for everything," she said. "You know what you're supposed to do, but do you do it?"


Ellexa
join:2010-11-08

2 recommendations

Ellexa to Krisnatharok

Member

to Krisnatharok
Here is a list of the compromised emails associated with the accounts on Facebook, Paypal, etc.

»dazzlepod.com/lulzsec/

You can search to see if yours is on it.
dave
Premium Member
join:2000-05-04
not in ohio

2 recommendations

dave to Krisnatharok

Premium Member

to Krisnatharok
Damn, if Weiner had held on for another week, he could have had plausible deniability !
tman852
join:2010-07-06
Columbus, OH

tman852 to Krisnatharok

Member

to Krisnatharok
Checked mine, seem to be alright. Went ahead and changed passwords just in case anyways.

Trooper
Premium Member
join:2005-05-18
USA

Trooper to Krisnatharok

Premium Member

to Krisnatharok
I don't have Facebook so don't really care. Guess I will change Paypal just in case.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to Ellexa

Premium Member

to Ellexa
Neither of my facebook accounts are on that list. Thanks.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

1 recommendation

jaykaykay to Ellexa

MVM

to Ellexa
Who in the name of heaven would want to put any info on that page(s) to find out. Certainly not I!

Phil
Rojo Sol
Premium Member
join:2001-06-11
Downers Grove, IL

1 recommendation

Phil

Premium Member

You do partial searches. There was no way I was about to supply a full email address.

Link Logger
MVM
join:2001-03-29
Calgary, AB

2 recommendations

Link Logger

MVM

said by Phil:

You do partial searches. There was no way I was about to supply a full email address.

I was thinking that too, but given apparently every spammer on the planet already knows my paypal email address it doesn't bother me too much as the security is in the password.

Blake

DrModem
Trust Your Doctor
Premium Member
join:2006-10-19
USA

DrModem

Premium Member

I did a partial search. None of my accounts in there thankfully.
ctggzg
Premium Member
join:2005-02-11
USA

ctggzg to Krisnatharok

Premium Member

to Krisnatharok
Nothing to worry about unless you use really stupid passwords. Simply using the same password(s) on multiple sites is a very low risk as long as the one or few passwords are secure. I wouldn't give much credibility to a group that calls itself "lulz" anyway.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn to Krisnatharok

Premium Member

to Krisnatharok
I'm on the rogers.com domain.
Looks like there were "103" @rogers.com logins compromised. Mine was not on that list thankfully.
vurnun2
join:2011-05-19
Altura, MN

vurnun2 to siljaline

Member

to siljaline
Ya, I am glad I got rid of mine. Especally when the facebook stuff began to be linked as a method for logging into some of the cheaper MMO's.. I esp. hated the harvesting of data that was done on your FB data.

fatness
subtle

join:2000-11-17
fishing

1 recommendation

fatness to Ellexa

to Ellexa
said by Ellexa:

Here is a list of the compromised emails associated with the accounts on Facebook, Paypal, etc.

»dazzlepod.com/lulzsec/

You can search to see if yours is on it.

What a great way to harvest email addresses.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 edit

siljaline to vurnun2

Premium Member

to vurnun2
Such is life and data-loss with Social Bookmarking widgets, Facebook, etc -

I have no qualms with having a Facebook account although I am by far a Facebook fanboi. I highly doubt your data is any more or less safe, say on Twitter

Deft
Stros in '08
Premium Member
join:2003-09-06
Grand Forks, ND

1 edit

Deft to Krisnatharok

Premium Member

to Krisnatharok
15 accounts in the surrounding area of my ISP.. anywhere from Williston to Bismark to Rapid City

EDIT: sooo i was curious and found an email that had 123... and guess what.. i got in.. but instantly signed out.

pcdebb
birdbrain
Premium Member
join:2000-12-03
Brandon, FL
ARRIS DG1670

pcdebb to Krisnatharok

Premium Member

to Krisnatharok
a few months ago I got a notice from facebook that my account was logged in from another location (I think it listed the location too). It refused to log me on until I verified my account and changed the password. I imagine if someone's account was touched they may get this kind of warning.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to Dustyn

MVM

to Dustyn
They showed a login early this A.M. from Santa Rosa, California. Quite a ways away from San José, California; but likely due to the IP address of my new ISP. The time is consistent with my login to check that account just now. That ISP is headquartered in Santa Rosa, and does not include a geocode in the hostname.

I rejected some security certificate error notices; nothing seemed to break when I did. But it does not inspire confidence in FB webmasters.
NormanS

NormanS to jaykaykay

MVM

to jaykaykay
I did a search on, '@aosake.net'. No hits. Another on '@pacbell.net'. A page full of hits; from which a local browser search died after the first three characters. So no hits on either domain.

shearer
Northern Lights
Premium Member
join:2002-06-18
Asia

shearer to Krisnatharok

Premium Member

to Krisnatharok
Why are some of these major sites ("major" as in top 20 highest traffic) seemingly so easy to hack into? And why aren't the passwds in hashed form?

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow to pcdebb

Premium Member

to pcdebb
said by pcdebb:

a few months ago I got a notice from facebook that my account was logged in from another location (I think it listed the location too). It refused to log me on until I verified my account and changed the password. I imagine if someone's account was touched they may get this kind of warning.

Yes, they will run you through hoops! Not sure if it is on by default, but there is an option under My Account > Settings > Account Security that users should enable:

Login Notifications
When an unrecognized computer or device tries to access my account:
Send me an email
90115534 (banned)
Someone is sabotaging me.Finding out who
join:2001-06-03
Kenner, LA

90115534 (banned) to shearer

Member

to shearer
said by shearer:

Why are some of these major sites ("major" as in top 20 highest traffic) seemingly so easy to hack into? And why aren't the passwds in hashed form?

I been wondering the same thing and that is a question only these websites can answer, which I highly doubt they will.

Not worried though because I don't have either and all passwords & emails I do use are all different for every login. You can get one but you still have the problem of getting my real email mahaha.

dauthiatull
Premium Member
join:2003-08-06
Toronto, ON

dauthiatull to Krisnatharok

Premium Member

to Krisnatharok
any word on how they got the passwords.
checked the list (partial word search, not my full addy) no hits so im good.

someone told me that paypal was not hacked but other sites were and lulz is saying that the email/password combos might work on paypal.

i use a different random alphanumeric password for every site so no worries
Mango
Use DMZ and you get a kick in the dick.
Premium Member
join:2008-12-25
www.toao.net

Mango

Premium Member

Sounds like they found a few insecure sites, and a great deal of people just use the same email/password for multiple sites.