Lulzsec Publishes 62,000 Passwords


The hacker group Lulzsec’s latest strike has been aimed at individual users, resulting in consumer fraud

Hacker group Lulzsec, known for recent attacks against the likes of the NHS, the US Senate and the CIA, has posted a list of 62,000 usernames and passwords in its latest action.

The incident has already resulted in fraudulent purchases from e-commerce sites such as Amazon.com, according to reports.

Passwords reused

12,000 of the username and password combinations appear to have been stolen from Writerspace.com, a discussion group centred on mystery and romance novels, and the site is in the process of determining what happened and contacting affected users.

“Today an anonymous group of hackers known as LulzSec posted a list of 62,000 email addresses and passwords,” Writerspace.com said in a message posted on its website. “That list included about 12,000 e-mail addresses and passwords from Writerspace members… Today’s email list was posted by the same group that hacked the CIA website earlier in the week and the US Senate website last week.”

The incident has a broader scope because many of the affected users had reused the same username and password on multiple websites, including e-commerce websites.

As one user posted to Lulzsec’s Twitter feed: “It’s quite sad seeing how quite a few folks have the same password for multiple accounts. Picked up a few Amazon, Paypal etc.”

Users posting to Lulzsec’s Twitter feed said they had used the passwords to take over user accounts on Twitter, Facebook, World of Warcraft and other services.

Lulzsec, which claims to carry out its attacks for entertainment purposes, posted the list on Thursday morning on Mediafire, a file hosting website. The link was removed by Mediafire, and Lulzsec reposted the file on Thursday afternoon.

“We’re just hitting 2,000 downloads now; assuming Mediafire will keep it up for another 30-60 minutes, get it while you can,” posted a Lulzsec user on the group’s Twitter feed on Thursday afternoon.

Large organisations

The addresses included accounts belonging to employees of large companies including IBM and state and national government agencies in the US and Australia.

Affected organisations included the US Army, Navy and Air Force; the US Federal Communications Commission; the US National Highway Traffic Safety Administration; the US Department of Veterans Affairs; the US Coast Guard; AusAID; the Victorian Department of Childhood and Early Education; and several local councils in New South Wales and Victoria.

Other recent Lulzsec targets include Nintendo and Sony.