Sections

LulzSec publishes file containing PayPal, XBL, and Facebook account information

Saturday, 18th June 2011 17:05 GMT By Stephany Nunneley

LulzSec published a filed yesterday which supposedly contained login and password information for users of Facebook, PayPal, Twitter, “dating sites,” and Xbox Live.

CBC reports that approximately 62,000 accounts were compromised, with most stemming from the United states, although many other countries are listed on the report.

LulzSec has the information posted on its website, and the report states that some Twitter users have claimed to have used this information for purposes ranging from the nefarious, to borderline gags.

The hacker group posted the file with the pertinent information of the 62,000 users on file sharing sites, which quickly removed the information, but not before it was downloaded “thousands of times,” according to LulzSec.

Microsoft has responded to the situation, stating to Joystiq that Xbox Live was not compromised to the best of it’s knowledge. The firm said that logins and passwords were “released at random.”

“This group appears to have posted a list of thousands of potential email addresses and passwords, and encouraged users to try them across various online sites like Xbox Live in the event one of the users happens to use the same password and email address combination,” said Microsoft. “At this time we do not have any evidence Xbox Live has been compromised. However we take the security of our service seriously and work on an ongoing basis to improve it against evolving threats.”

You can read up on this more through the links.

Breaking news

31 Comments

Sign in to post a comment.

  1. Strandli

    Compared to this, I actually “prefer” the PSN breach.
    Both are bad, but at least the hackers behind the PSN breach had a target and a goal, and that was not to hurt individuals.

    Lulzsec do whatever the hell they want, without reason, other than “lulz”. That makes them way more scary than the PSN breach and hackers behind it, IMO. They publish login and password information of thousands of innocent people with the intent to screw with them. I would rather be one of the millions harmed in the PSN breach than one of the 62000 in this leak.

    These people just want to mess with people, and so far they’ve done a pretty good job, even if these individuals doesn’t get the spotlight in the evening news.

    #1 3 years ago
  2. Toastrules

    For some reason this isn’t on the front page of major news outlets. This is why they are able to keep doing this. The minute the FBI and the CIA start getting into this, hopefully then justice will be served.

    For now, however, we will just have to increase the security of our accounts until our stupid governments get it together and stop treating this like a bunch of 12 year olds with LOIC.

    #2 3 years ago
  3. McLovin85

    Their motivations are the same as the Jokers’ in The Dark Knight movie. All they are is an agent of chaos and are doing this to create mass disorder and distrust which is what makes them so dangerous.
    They are “a dog that is chasing a tyre who wouldn’t know what to do with it if they caught it”.
    Anyway, they will eventually get their comeuppance as everyone eventually does. There is no way that they can infiltrate all these website etc. without leaving any traces behind. In this day and age it is almost impossible to commit the perfect crime, all it takes is time unfortunately.

    #3 3 years ago
  4. lexph3re

    @1 problem with that is psn users still have not been proven for compromise. The biggest issue for the psn was the downtime sony took to confirm. Still no information on psns hack has turned up compromising the users. If lulz truely did hack live they actually posted harmful material but this isn’t confirmed as valid yet. Only the people testing out the list will know. Hopefully microsoft will be able to confirm the validity of the list before others do

    #4 3 years ago
  5. endgame

    what McLovin said.

    #5 3 years ago
  6. sg1974

    “Microsoft has responded to the situation, stating to Joystiq that Xbox Live was not compromised to the best of it’s knowledge.”

    To the best of its knowledge? That’s reassuring.

    #6 3 years ago
  7. OrbitMonkey

    It’s a fucking guarantee these guys are seriously believing their own *we’re untouchable pc ninja’s* bullshit.

    It’s gonna be hilarious when they get sold out by a disgruntled friend, jealous peer, or a nosey neighbour ;)

    #7 3 years ago
  8. Moonwalker1982

    FBI,CIA,Interpol? Sure..but stay the hell away from the games industry, wtf man.

    #8 3 years ago
  9. Gekidami

    Title seems misleading. Its stating that PayPal, XBL & FB info WAS published. Yet from what i understand its actually just a collection of info that MIGHT work on those sites, thats the context the hackers are asking it be tried in.

    PayPal, XBL, & FB account information WAS NOT actually published.

    #9 3 years ago
  10. sg1974

    @9 Thats OK Geki the worlds press and countless people commenting on places like this insisted Sony lost tens of million of our credit card numbers yet theres not a single shred of credable evidence they lost a single one

    #10 3 years ago
  11. DSB

    @10 Actually people were surprised that they didn’t protect their information better. You don’t need a credit card number to fuck with someone.

    I know it’s suprising that your corporate darlings could actually let something like that happen, but that’s exactly why everybody was up in arms about it.

    #11 3 years ago
  12. Exzeerex

    This is old news. I got the file on June 16th.

    Proof: http://www.vg247.com/2011/06/15/intruder-2011s-hacking-story-from-lulzsec-to-anon/#comment-299741

    And yes, there are proof of various accounts being hacked. One person claimed to have aquired a level 85 WoW account:
    http://twitter.com/#!/MiracleJoe/status/81333940622856193

    There are even a pic of one FB account that was hacked:
    http://t.co/lnc6QUK

    The file is a gold mine ;)

    #12 3 years ago
  13. Phoenixblight

    @12

    Any idiot can take a picture and claim it as proof of hacking. Try harder next time.

    #13 3 years ago
  14. chriswhaaat

    if you’re worried about your information gizmodo has a page where you can check if your information has been posted

    http://gizmodo.com/5812545/find-out-if-your-passwords-were-leaked-by-lulzsec-right-here

    #14 3 years ago
  15. aprotosis

    @6 Bare in mind, prejudice aside, the breadth of Microsoft’s knowledge on the subject is vast.

    Supposedly these passwords are just a random outpouring of hacked accounts gained across various unsecured networks that they have been gathering for a while. XBLA, FB, Paypal, etc have not been hacked, but people who use the same password for everything might want to stop doing that.

    #15 3 years ago
  16. Alakratt

    Let’s be fair here, when it was about Sony, none of you asked for proof when the news said 77 millions accounts were compromised and CC info too. It was geniune, but when it’s not Sony related, you suddenly need proof and believe ANYTHING those companies that were hacked say. Nothing/nobody is completely safe, live with it!

    #16 3 years ago
  17. Ryzilient

    Where’d I put that Michael Caine quote from ‘The Dark Knight’ …

    #17 3 years ago
  18. neon6

    YOU GET

    WHAT YOU PAY FOR

    #18 3 years ago
  19. DSB

    @16 60,000 e-mail addresses and passwords is infinitely little, and certainly doesn’t require a hack of any kind.

    We live in a world where a simple spam e-mail promising pictures of Britney Spears’ tits will get you that without a problem. People are idiots, and it takes nothing to pass them a keylogger.

    Just look at the ammount of people who get “hacked” playing World of Warcraft. 99% of the people claiming a “hack” have simply given away their password, on account of being a moron.

    Nothing and nobody is ever completely safe, theoretically, but if you allow hackers two days to carry out a determined attack on your servers, without anyone considering a shutdown, like Sony did, then you’re definitely not safe.

    I believe Mojang responded to the attack on Minecraft within 60 minutes.

    #19 3 years ago
  20. Ali Mofadal

    OMG its working, paypal accounts too, i believe in karma so i sent emails to these guys telling them to change their passwords

    #20 3 years ago
  21. OrbitMonkey

    @DSB I don’t think Alakratt is making excuses for Sony, merely stating the truth. At the time of the Sony hack their was lots of fud & disinformation, journo’s claiming Sony’s been hacked to death, other platform fanboys loving it, claiming you get what you pay for & thinking it’ll never happen to them…

    Wrong, lulzsec are quite successfully proving it can happen to anybody given currant internet security & their manifesto is about changing that.

    All companies are as culpable & vulnerable, Sony just got hit first.

    #21 3 years ago
  22. DSB

    @21 That’s really not what’s going on. Not even close.

    By all accounts they’re picking soft targets. If they were somehow breaching every major network, that would be impressive, but DDOS’ing a few login servers, and breaching a few infosites from games developers really doesn’t show a worldbeating level of competence, they’re just good at knowing what to hit.

    I’m sure they aren’t amateurs, but the fact that Sony actually let them attack their servers for two full days, either because they failed to detect them, or because they failed to act, simply indicates a system that wasn’t properly protected.

    Rule number one of protecting your network: When in doubt, pull the plug.

    Wake me up when they publish all the information that’s on Battle.net, Paypal, First National, Steam, HSBC, Visa, Mastercard, Xbox Live, Google Checkout. It’s simply not gonna happen, unless someone is either asleep at the wheel, or militarily funded.

    Mastercard actually did get hit and breached back in 2005, but only lost a fraction of their accounts before responding.

    #22 3 years ago
  23. OrbitMonkey

    @DSB I’m not making excuses for Sony, they got caught out & to suggest otherwise would be obtuse. BUT the only people who know how bad Sony were hacked are Sony & the hackers, and their both being tight lipped.

    I expect that off Sony, but not Lulzsec. Which is odd cuz lulzsec have been very vocal about everyone else they’ve hit, 800,000 brink users wasn’t it? Personnely I believe the hack that brought down the psn was carried out by criminals attempting a cyber bank job, that almost succeded.

    Everything lulzsec have done since is to point out that its the system ALL companies use that is flawed & all the companies know this because they’ve been told by the security experts its flawed.

    #23 3 years ago
  24. DSB

    @23 They might be the only ones who know the exact details, but the fact that Sony aren’t willing to determine the scope of the attack means that they must’ve suffered a complete failure.

    What we do know is that the breach occurred during a sustained 48 hour attack, which in itself would never even be possible on a properly protected network. Like I say above, if you feel like someone is threatening your network, you pull the plug.

    You cannot breach what isn’t there, and Sony had 48 hours to shut it down.

    This would be standard practice at any mid-sized internet business, who can pretty much count on weekly if not daily attempts at their information.

    The fact that it took Sony two days to either respond, or detect the attack means that their system very likely wasn’t up to speed.

    Alternatively, you might be dealing with some sort of invisible superhacker that has powers the world has never seen before, but given that Sony haven’t used that as a defence, and instead resorted to saying as little as possible, I find that highly unlikely. I reckon they just got caught with their pants down.

    Lulzsec have been hitting soft targets, and making people believe that they’re outstanding hackers, when none of the targets they’ve hit have been very impressive, apart from Sony. Why aren’t they hitting the ones with proper protection?

    #24 3 years ago
  25. NeoSquall

    @24 They found them because some idiot started downloading the hell from PSN using CFWed consoles that were identified by the system as “developer consoles”, likely to put them on torrents claiming to make justice because the big bad Sony hit the poor chap Hotzie.
    If that never happened, the real criminal activity happening below that wouldn’t have been found until much later.

    #25 3 years ago
  26. OrbitMonkey

    Eh, fucked if I know DSB… I’ll wait for the Social Networkesque movie from Fincher ;)

    #26 3 years ago
  27. DSB

    @25 Do you know of anywhere to learn more? I haven’t really seen it described in that much detail before.

    Some people mentioned an inside job, which would also explain the lack of detection, but again, if that was the case, then Sony would be completely blameless. Why not let people know and restore faith in your company?

    @26 Think about it, going after 200,000 Brink users when you could be grabbing millions upon millions of Steam users, more than likely ten to twenty million from Battle.net?

    They’re obviously just taking what they can get.

    #27 3 years ago
  28. sg1974

    DSB must be a Sony insider, seeing as he knows so many facts that are not public knowledge

    And how are they my corporate darlings? Because I ask for people to be consistent instead of singling out one comapny like fanboys? Grow up, this isnt the playground

    #28 3 years ago
  29. DSB

    You must’ve missed something. Those facts are confirmed by Sony, and it’s all been part of the public record since early May.

    Kazuo Hirai, Executive Deputy President of the Sony Corporation specifically stated that the attack was detected some time between April 17 and 19. Playstation Network wasn’t taken offline until April 20.

    Nobody’s singling Sony out – That’s the fanboy talking. They simply managed to get themselves singled out. They’re the only company to suffer a breach of that magnitude, leaving 77 million accounts compromised. To the best of my knowledge, that has never happened before in the history of the internet.

    So yes, they are very much singled out, and it’s not very hard to see why.

    #29 3 years ago
  30. NightCrawler1970

    Is Lulzsec on a hack-marathon, does that mofo ever sleep, or is it “hack till ya drop”…..

    #30 3 years ago
  31. OrbitMonkey

    ^ Lulzsec isn’t one guy, its a group.

    #31 3 years ago