This article was published on June 16, 2011

LulzSec releases 62,000 user credentials, followers begin accessing accounts


LulzSec releases 62,000 user credentials, followers begin accessing accounts

Update: You can check if your details have been leaked here.

Hacker group Lulz Security took another step in its campaign to expose the security woes of its specified targets by releasing what looks to be 62,000 random user email addresses and passwords, prompting its Twitter followers to access accounts to gain any sensitive information they can find.

Be creative instead of being a potato. Try PayPal combinations, Twitter, Facebook, eBay, Runescape. Pick a target from the list.

Within minutes, Lulz Security’s Twitter followers had already downloaded the file, hosted by MediaFire, 3200 times, prompting the group to query how long the the company would allow the file to be downloaded:

Congratulations if you were in the first 3200 downloads. Now we see how long it takes mediafire to delete it. Get it while it’s fresh!

With Twitter followers successfully accessing Gmail, Facebook and even World of Warcraft accounts, the group began retweeting their escapades:

It is not known whether users are simply accessing accounts for fun or if users listed will find their personal information stolen, but with 62,000 independent account holders not knowing their details have been compromised, an intrusion may never be detected.

F-Secure CRO Mikko H. Hypponen believes the passwords have been stolen from Writerspace.com:

LulzSec earlier claimed it had taken down the CIA.gov website. The group has also performed attacks on Sony BMG, Nintendo.com, Sonypictures.com, PBS.org, Fox.com, US X Factor contestant database, Sonymusic.co.jp, InfraGard (a company affiliated with the FBI).

Get the TNW newsletter

Get the most important tech news in your inbox each week.