The Swarm Gets Scary
In case you haven't heard, the hacker group LulzSec has just released a Great Big List of Emails along with their passwords. They haven't revealed where or how they got the list, rather they've released it simply to watch the chaos that ensues.
This is a very big deal, and your email address might be on the list, so I've re-posted it here (without the passwords of course), so you can go down the list, and search for your own address(es). If you find one on there, change the password immediately (if you can) and if you've ever conducted any financial business through that account (orders on Amazon, etc.) watch your credit card records for the coming months for suspicious activity.
When they were just hacking into and defacing websites or disabling company services, I was a big fan of LulzSec, but now that they're targeting innocents, they've lost my support and I can't be alone. Please, if you don't do so already, make sure that you follow these rules for passwords on your various Internet accounts:
- Use a different password for each account.
- Change that password (or the way in which you generate it) regularly.
On the one hand, they've done a lot of damage here, damage to people who really didn't deserve it. But at the very least, we can take this as a lesson on how to better protect ourselves online. It's only going to get more complicated from here on.
luckily I'm not there, but then my security is insane right now.
1) my important passwords are crazy hash that nobody can remember
2) they are secured in lastpass that no requires a physical yubikey in order to unlock
3) my gmail has two-factor authentication, so even after the yubikey and lastpass, you need to enter a ever changing code generated by my cellphone
cool eh?
Stephen that is awesome. I shall have to setup something similar.
From the title I expected this to be about the riots.
Heh, I suppose it would have worked for both eh?
thanks for the list!
I am working on a project at the moment that is mass mailing every single one of those emails with a warning that their name is on the list, how it was made public, and how they can protect themselves in the future.
I have been spending hours trying to format the list so remove garbage data. You have done the dirty work for me. Thank you so much. As we speak I have a quick dirty script running that is converting the list to INI format. Cheers.
-VyRy Vendetta ViRii
Well I'm not sure why it took you hours to do it, the whole list was done in about 5min and a one-liner of sed. But I'm glad I could help.
It took me hours because I was pre-occupied with coding, and laziness. My original plan was to send the password for each account with the email to let the users know that it isn't some kind of trick.
-VyRy Vendetta ViRii