

LulzSec Leaks 62,000 Email/Passwords of writerspace.com - unixroot
http://www.thehackernews.com/2011/06/lulzsec-leaks-62000-emailpasswords-of.html

======
palish
These kids seriously need to be punched in the face. "For the lulz," as it
were. Or perhaps "for great justice" would be more fitting.

Is there any way we can help these 62,000 people? I'm reading through the
password list now, and many of these passwords are to people's gmail accounts.
I see a comcast account too ... you could probably access billing info just
with that password alone.

It feels like our duty, somehow, as good internet citizens, to help these
people out. Many of them are probably mom'n'dad-types ... they have no idea
what a "Database" is, let alone what it means for one to be leaked.

But we can't just go and change their passwords, even if it's for their
protection, since it's the password to their email account and we have no way
of notifying them.

~~~
mattdeboard
Parse & collect email accounts, send emails (in serial) and weep as it gets
gobbled up by gmail's spam detection.

A more realistic alternative might be to notify Google with a machine-readable
list of email addresses the passwords for which have been compromised so they
can do a system notification of these users without fear of getting eaten by
spam filter.

~~~
nakkiel
It's done. Redditors took care of that.

------
mattdeboard
Prolific & brazen criminals = enormous egos. They won't stop until they are
stopped.

edit: My PR senses started tingling on further reflection.

The best way for LulzSec to be countered is in the PR arena. Since they're
already bad guys, and since they've already worn out their folk hero sheen, it
does no good to vilify them.

The best way is to steal their thunder. An organization of people who make a
concerted, *publicized* effort to mitigate damage to the random victims
caught in LulzSec's blast radius would definitely steal the limelight.

It's similar to responding to a forum troll by making fun of them. Take away
their momentum and make them a pawn in your press releases.

~~~
gasull
Sadly, I doubt they can be stopped.

~~~
Wickk
No one is infallible; it's only a matter of time until they slip up. They're
making a rather large footprint.

~~~
madmaze
I think calling it a "large" footprint is an understatement. My conspiracy
buddies are going nuts with the idea that it's the government trying to
convince us to hand over our internet freedom to them. I wish I could laugh at
them with confidence.

~~~
mattdeboard
Well said. I'm not completely convinced this isn't the government, and I'm
definitely not normally a tinfoil-hatter. I think the most likely scenario is
that, like the ATF's blind eye toward gun-runners on the Mexico border, an
agency or agencies have been ordered to turn a blind eye for now.

The chickens are coming home to roost on the ATF thing and I sincerely hope
that, if my suspicions are true, they do the same on this.

------
kabushikigaisha
Please stop upvoting this blogspam posted constantly by unixroot. He's clearly
doing this to promote his site, thehackernews.com

I imagine he's made a killing lately with all the LulzSec drama that gets
reflex upvoted. Just more noise and blogspam. He submits several stories a day
exclusively from that domain, thehackernews.com

------
mrcharles
It's a great time to be a security specialist. People who know their shit can
probably make an absolute killing right now consulting for companies.

And all companies should be on red alert, because if nothing else, this is an
amazing wake-up call about security.

------
dsmithn
[http://www.reddit.com/r/programming/comments/i16hm/lulzsec_j...](http://www.reddit.com/r/programming/comments/i16hm/lulzsec_just_publicly_gave_away_62k_emails_and/c2019le)

------
petenixey
I'm not convinced these are real. A lot of the passwords are surprisingly
cryptic - not the usual collection of bananas and children's names you might
expect.

Assuming that most people use the same username and password for most things,
and that AOL users will be the least sophisticated, I thought it would be
interesting to verify 10 of the combinations which had an AOL address against
AOL. Not a single one of them actually worked and I'm inclined to wonder
whether (happily) this isn't just a hoax.

------
jentulman
I've got to admit to finding a few of the things they do a little amusing in a
somewhat childish manner, but this sort of thing ruins what little (debatable)
good comes from their politics.

If they are going to keep on hitting targets like this just because they can,
then they could at least release only the email addresses and not the
passwords, which will illustrate the point and allow affected users a chance
to know they are at risk from the site's policies whilst reducing the immediate
risk to their data.

Obviously what they could actually do is just release nothing and work with
administrators to correct the errors, but then they wouldn't be garnering the
publicity they so obviously crave.

------
KeyBoardG
There's just no class (as if there could be any in hacking) with LulzSec. I
could be on the side of a hacker with cases like Kevin Mitnick. These guys are
just dicks.

------
iskander
I tried about 100 password/login pairs and none worked. Perhaps they've all
been changed, or maybe this list is fake.

------
Luyt
Why oh why do developers keep storing plain passwords in databases? They should
store hashes instead.

~~~
Jach
That's not good enough. Scrolling through the list, I haven't seen any
password that I can say with certainty couldn't be either brute forced,
dictionary attacked, or found in a rainbow table.
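
[Added example, not part of the thread and not either commenter's code: the exchange above contrasts storing a plain hash with something that resists precomputed tables. The sketch below shows why an unsalted fast digest of a common password is recovered by a single table lookup, and what a per-user salt with scrypt changes for the site storing the record. All passwords, names and parameters are constructed for illustration.]

```python
import hashlib
import hmac
import secrets

# Constructed sample wordlist; nothing here comes from the leaked data.
WORDLIST = ["banana", "sunshine1", "letmein", "qwerty"]

# scrypt cost parameters chosen for this example (assumption, tune per host).
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def unsalted_sha256(password):
    """Fast, unsalted digest: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_lookup(digest, wordlist):
    """One table built once reverses every unsalted digest of a listed word."""
    table = {unsalted_sha256(word): word for word in wordlist}
    return table.get(digest)


def hash_password(password):
    """Return (salt, key): random per-user salt plus a memory-hard KDF."""
    salt = secrets.token_bytes(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt, key


def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    leaked_digest = unsalted_sha256("sunshine1")
    print("unsalted lookup:", precomputed_lookup(leaked_digest, WORDLIST))
    salt_a, key_a = hash_password("sunshine1")
    salt_b, key_b = hash_password("sunshine1")
    # Same password, two users: the stored records share nothing reusable.
    print("salted records equal:", key_a == key_b)
    print("verify ok:", verify_password("sunshine1", salt_a, key_a))
```

[A salt and a slow KDF raise the per-guess cost and defeat shared tables; they do not make a weak password strong, which is the point of the reply above.]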

------
trotsky
You're just encouraging them.

------
sixothree
Would it be acceptable for someone to post a list of just the passwords? I
would love to add them to my collection of passwords that are not allowed.

------
dolvlo
So why isn't anyone upset that writerspace.com is storing passwords in
plaintext?

------
dolvlo
Honestly, the more you rage about this in comments here, the more they love
it. Stop caring, it's the only thing you can individually do to reduce their
power. Unless you're working for the cyber police.

------
shareme
Let's see LulzSec and Anonymous trying to outdo one another.. and mixed in the
possibility that both are being played by government agents to get info on
WikiLeaks..

Nothing good will come of this..

