LulzSec Steals, Shares Logins in Latest Hack

Only hours after embarrassing the CIA by downing its website, hacking jokesters LulzSec issued another self-declared indictment of the Internet's woeful security, leaking a database of 62,000 stolen passwords and user names.

Which sites the logins were culled from and when and how the hack happened the group was not revealed, but the majority are webmail logins for common sites such as Gmail, Yahoo and Hotmail.

The group encouraged anyone downloading the list to try out its contents on various sites. (See also Dial-a-Hacker: Lulzsec Opens Request Line for Next Target.")

"These are random assortments from a collection, so don't ask which site they're from or how old they are, because we have no idea," read text at the top of the file, adopting the group's typically laconic form of address. "We also can't confirm what percentage still work, but be creative or something."

Followers of LulzSec on Twitter have quite openly claimed to have broken into a clutch of different sites using the leaked data, acts which could open these individuals to criminal prosecution.

Are the 62,000 logins from a single database or several stitched together? At least one security expert, F-Secure's Mikko Hypponen said he believed they could be from US literary site, Writerspace.com.

"Why writerspace.com? Well, the most common passwords include these: mystery, bookworm, reader, romance, library, booklover and..writerspace," tweeted Hypponen.

With the Anonymous Group in retreat, LulzSec have taken over their mantle in recent weeks with a series of high-profile hacks, including against Sony, PBS, several gaming networks and even the CIA website to their name. Beyond embarrassing all and sundry, the group's agenda remains obscure, which perhaps is their agenda.

Subscribe to the Security Watch Newsletter

Comments