LulzSec has released a list of over 60,000 emails and passwords from unknown sources as a reward for its Twitter followers flooding 4chan with messages.
During the past few days, regular visitors of the notorious 4chan /b/ (random) board have been trying to expose the individuals behind LulzSec.
However, the hackers aren’t very worried about them succeeding and pointed out that they were /b/tards themselves back in 2005.
Earlier today LulzSec had the idea to flood the /b/ and asked its 170,000+ Twitter followers to go and post messages about 4chan legend Boxxy.
“Everyone go to /b/ and post stuff about Boxxy, LulzSec sending you there, and triforces. In return, 50,000 assorted emails/passwords,” the group wrote.
One hour letter, LulzSec delivered on its promise and dumped not 50,000, but over 62,000 emails and passwords.
This is a major security breach for the owners of the exposed accounts and might affect them in numerous ways. Because of the widespread practice of password reuse, there is a high chance that many of those passwords will also work for other accounts, such as Facebook or PayPal.
In fact, soon after the leak people already started misusing the credentials. “I am now an level 85 human warrior on mal’ganis server,” wrote a user who managed to get into somebody’s World of Warcraft account.
Someone else tweeted from a victim’s hijacked Twitter account that: “@LulzSec Leaked my GMail account name & password. From there my Facebook, Hotmail & Twitter were compromised.”
In addition to password reuse, people are also in the bad habit of not deleting old emails that might contain sensitive information about them.
“Mail account with tax exempts (SS# [Social Security numbers] and all) on an entire family,” said one user who tried out a set of credentials.
The virtual carnage is unlikely to stop and tens of thousands of victims are waiting to be exploited if online services don’t enforce password resets for the affected accounts. Source : Softpedia