A group of hackers claiming to be the reborn Lulz Security (LulzSec) took credit for an alleged compromise of MilitarySingles.com, a dating website for military personnel, and the leak of over 160,000 account details from its database.
The group announced the MilitarySingles.com hack on Twitter and Pastebin on Sunday, using the name “LulzSec Reborn” and ASCII art previously associated with LulzSec, the hacker group that apparently disbanded and merged with the Anonymous hacktivist collective last year.
The Pastebin post included links to RAR archives hosted on public file sharing websites that allegedly contain the names, usernames, e-mail addresses, IP addresses, and passwords of 163,792 MilitarySingles.com users. “There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.,” the group wrote.
Someone claiming to be the administrator of MilitarySingles.com posted a comment on databreaches.net after the site reported on the breach, saying that there is no evidence of a compromise.
The comment also suggested that ESingles, the company which runs the dating website, is nevertheless investigating the claims and taking the necessary security precautions.
The message annoyed members of “LulzSec Reborn” who, in response, called the administrator “stupid” and uploaded a “hacked by” page to the website in order to prove that they have access to it.
ESingles didn’t immediately return a request for comment.
The directory in which the rogue page was uploaded is unprotected and appears to contain internal files associated with the site’s content management software. If the credentials used for the database connection are available in one of those files, it would make stealing the user information fairly easy.
The original LulzSec hacker group took credit for many high-profile attacks during the spring of 2011. The FBI and other law enforcement agencies worldwide have since arrested several individuals believed to have been associated with the group. At the beginning of March it was revealed in official court records that LulzSec’s alleged leader, a hacker known online as Sabu, has been working as a cooperating witness with the FBI since August 2011.
The rebirth of LulzSec seems to be the hacktivist community’s response to Sabu’s perceived betrayal of their cause and the arrests that resulted from his cooperation with the authorities. The LulzSec Reborn Twitter account was created on March 9 and was accompanied by videos posted on YouTube announcing the group’s return on the hacking scene.
This isn’t the only hack that Lulsec Reborn has claimed: On Monday, the group said it had compromised csscorp.com, the website of a San Jose-based information and communication technology company called CSS Corp.