KrisnatharokPC Builder, Gamer Premium Member join:2009-02-11 Earth Orbit |
LulzSec Hits Facebook, Paypal NextAny idea how to find out if one's account was compromised? It appears Paypal's login is down. said by CBC News Canada :Facebook, Paypal accounts released by hackers
The hacker group Lulz Security is claiming it released log-in information for 62,000 private internet accounts Thursday, including Facebook, PayPal, dating sites, Xbox Live and Twitter.
The list is mostly American accounts but includes hundreds of Canadians, including a CBC journalist from Prince Edward Island, and employees of all three levels of government, including provincial public servants in Alberta, Nova Scotia, and Prince Edward Island and at least one municipal worker in Whitehorse. Who's on the list
CBC reporter Laura Chapin pored through the list and found more than a hundred email addresses ending in .ca in the top sixth of the list, including:
Federal government workers from Service Canada, Passport Canada, and Public Safety Canada.
Provincial government workers in Prince Edward Island, Nova Scotia and Alberta, including at least one from the P.E.I. Department of Justice and Public Safety.
Municipal government workers from several cities, including Whitehorse.
Dozens of personal addresses.
Canadians may also be included among the email addresses that don't end in .ca.
The list shows that the most common password is 123456, which shows up almost 600 times. Another very common password is "romance."
Other countries whose citizens were hacked include the United Kingdom, Australia, New Zealand and Brazil.
On its Twitter account, LulzSec said it uploaded the file to a file-sharing site Thursday morning. The site took it down, but it was uploaded again Thursday evening and taken down once more. LulzSec reported thousands of downloads before it was removed.
The group's Twitter feed contains bragging from people who claim to have taken the information and logged on to people's personal sites: taking money from PayPal accounts, replacing dating site profile pictures with pornographic images, and engaging in chats using other people's Facebook accounts.
"Envelope yourself in the sickening realization that you secretly love f--king someone's Facebook life beyond repair," says one tweet from LulzSec. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN |
Dustyn
Premium Member
2011-Jun-17 12:06 pm
I just logged in and it reports my last login session was on: May 13, 2011 21:22 GMT-04:00. My account status and history are all normal. |
|
|
to Krisnatharok
For whaever it's worth, I was just able to log in. It was somewhat slower to load than usual.
I guess Lulz is just a group of anarchists, trying to cause as much disruption as possible while drawing attention to themselves. They seem to be baiting someone to catch them. Can anyone possibly be that good that they don't make a mistake or leave a trace somewhere leading to their being caught? |
|
coldmoon Premium Member join:2002-02-04 Fulton, NY
2 recommendations |
coldmoon
Premium Member
2011-Jun-17 12:11 pm
said by red2 :...Can anyone possibly be that good that they don't make a mistake or leave a trace somewhere leading to their being caught? No, they will get caught at some point. It is just a matter of when, not if... JMHO |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Krisnatharok
My FB account is normal as normal as an FB account can be.
Thanks for this. |
|
KrisnatharokPC Builder, Gamer Premium Member join:2009-02-11 Earth Orbit |
to coldmoon
said by coldmoon:said by red2 :...Can anyone possibly be that good that they don't make a mistake or leave a trace somewhere leading to their being caught? No, they will get caught at some point. It is just a matter of when, not if... JMHO Well they pretty much declared war on the CIA by taking down their public website. If that's not asking for it, I don't know what is. |
|
Krisnatharok |
Don't be this guy:Soon after the accounts were posted Thursday, Lulzsec followers started to say, via Twitter, that they had accessed Facebook, Twitter and online gaming accounts. "I am now an level 85 human warrior on mal'ganis server," wrote one follower, called Miracle Joe, referring to a server used by World of Warcraft gamers.
"Got an Xbox Live, Paypal, Facebook, Twitter, YouTube THE WHOLE LOT! J-J-J-J-J-J-JACKPOT," wrote another follower, Niall Perks. The "idiot had the same password for everything," he later explained.
Others claimed that they'd chatted with friends of the victims or posted obscene photos or messages to their profile pages.
Crowell, a property assessment specialist with the Wisconsin Department of Revenue in Milwaukee, describes herself as a "boring old lady on the Internet." Though she knew better, she reused her passwords, including the one she used at both Amazon and Writerspace.com. "Everyone knows that everyone uses the same password for everything," she said. "You know what you're supposed to do, but do you do it?" |
|
2 recommendations |
to Krisnatharok
Here is a list of the compromised emails associated with the accounts on Facebook, Paypal, etc. » dazzlepod.com/lulzsec/You can search to see if yours is on it. |
|
|
dave Premium Member join:2000-05-04 not in ohio
2 recommendations |
to Krisnatharok
Damn, if Weiner had held on for another week, he could have had plausible deniability ! |
|
|
to Krisnatharok
Checked mine, seem to be alright. Went ahead and changed passwords just in case anyways. |
|
Trooper Premium Member join:2005-05-18 USA |
to Krisnatharok
I don't have Facebook so don't really care. Guess I will change Paypal just in case. |
|
sivranVive Vivaldi Premium Member join:2003-09-15 Irving, TX |
to Ellexa
Neither of my facebook accounts are on that list. Thanks. |
|
1 recommendation |
to Ellexa
Who in the name of heaven would want to put any info on that page(s) to find out. Certainly not I! |
|
PhilRojo Sol Premium Member join:2001-06-11 Downers Grove, IL
1 recommendation |
Phil
Premium Member
2011-Jun-17 3:09 pm
You do partial searches. There was no way I was about to supply a full email address. |
|
2 recommendations |
said by Phil:You do partial searches. There was no way I was about to supply a full email address. I was thinking that too, but given apparently every spammer on the planet already knows my paypal email address it doesn't bother me too much as the security is in the password. Blake |
|
DrModemTrust Your Doctor Premium Member join:2006-10-19 USA |
DrModem
Premium Member
2011-Jun-17 4:43 pm
I did a partial search. None of my accounts in there thankfully. |
|
ctggzg Premium Member join:2005-02-11 USA |
to Krisnatharok
Nothing to worry about unless you use really stupid passwords. Simply using the same password(s) on multiple sites is a very low risk as long as the one or few passwords are secure. I wouldn't give much credibility to a group that calls itself "lulz" anyway. |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN |
to Krisnatharok
I'm on the rogers.com domain. Looks like there were "103" @rogers.com logins compromised. Mine was not on that list thankfully. |
|
|
to siljaline
Ya, I am glad I got rid of mine. Especally when the facebook stuff began to be linked as a method for logging into some of the cheaper MMO's.. I esp. hated the harvesting of data that was done on your FB data. |
|
fatnesssubtle
join:2000-11-17 fishing
1 recommendation |
to Ellexa
said by Ellexa:Here is a list of the compromised emails associated with the accounts on Facebook, Paypal, etc.
»dazzlepod.com/lulzsec/
You can search to see if yours is on it. What a great way to harvest email addresses. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC 1 edit |
to vurnun2
Such is life and data-loss with Social Bookmarking widgets, Facebook, etc - I have no qualms with having a Facebook account although I am by far a Facebook fanboi. I highly doubt your data is any more or less safe, say on Twitter |
|
DeftStros in '08 Premium Member join:2003-09-06 Grand Forks, ND 1 edit |
to Krisnatharok
15 accounts in the surrounding area of my ISP.. anywhere from Williston to Bismark to Rapid City
EDIT: sooo i was curious and found an email that had 123... and guess what.. i got in.. but instantly signed out. |
|
pcdebbbirdbrain Premium Member join:2000-12-03 Brandon, FL ARRIS DG1670
|
to Krisnatharok
a few months ago I got a notice from facebook that my account was logged in from another location (I think it listed the location too). It refused to log me on until I verified my account and changed the password. I imagine if someone's account was touched they may get this kind of warning. |
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to Dustyn
They showed a login early this A.M. from Santa Rosa, California. Quite a ways away from San José, California; but likely due to the IP address of my new ISP. The time is consistent with my login to check that account just now. That ISP is headquartered in Santa Rosa, and does not include a geocode in the hostname.
I rejected some security certificate error notices; nothing seemed to break when I did. But it does not inspire confidence in FB webmasters. |
|
NormanS |
to jaykaykay
I did a search on, '@aosake.net'. No hits. Another on '@pacbell.net'. A page full of hits; from which a local browser search died after the first three characters. So no hits on either domain. |
|
shearerNorthern Lights Premium Member join:2002-06-18 Asia |
to Krisnatharok
Why are some of these major sites ("major" as in top 20 highest traffic) seemingly so easy to hack into? And why aren't the passwds in hashed form? |
|
SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand |
to pcdebb
said by pcdebb:a few months ago I got a notice from facebook that my account was logged in from another location (I think it listed the location too). It refused to log me on until I verified my account and changed the password. I imagine if someone's account was touched they may get this kind of warning. Yes, they will run you through hoops! Not sure if it is on by default, but there is an option under My Account > Settings > Account Security that users should enable: Login Notifications When an unrecognized computer or device tries to access my account: Send me an email |
|
90115534 (banned)Someone is sabotaging me.Finding out who join:2001-06-03 Kenner, LA |
to shearer
said by shearer:Why are some of these major sites ("major" as in top 20 highest traffic) seemingly so easy to hack into? And why aren't the passwds in hashed form? I been wondering the same thing and that is a question only these websites can answer, which I highly doubt they will. Not worried though because I don't have either and all passwords & emails I do use are all different for every login. You can get one but you still have the problem of getting my real email mahaha. |
|
|
to Krisnatharok
any word on how they got the passwords. checked the list (partial word search, not my full addy) no hits so im good.
someone told me that paypal was not hacked but other sites were and lulz is saying that the email/password combos might work on paypal.
i use a different random alphanumeric password for every site so no worries |
|
MangoUse DMZ and you get a kick in the dick. Premium Member join:2008-12-25 www.toao.net |
Mango
Premium Member
2011-Jun-18 11:14 am
Sounds like they found a few insecure sites, and a great deal of people just use the same email/password for multiple sites. |
|