

Lulzsec releases passwords for porn site users and admins - iwwr
http://lulzsecurity.com/releases/pronz.txt

======
beaumartinez
I don't know why you would submit this; you're potentially ruining _thousands_
of people's lives if they use the same login details in multiple different
websites. A login dump doesn't belong on HN.

It even says in the dump:

    
    
      These guys probably sign into Facebook with the same email/pass combo, so we suggest the following:
      1) sign into their Facebook accounts
      2) find their family members
      3) tell them all about how the victim (you!) signed up to porn sites
      4) watch the hilarity
      5) tell us about it on twitter!
      6) ???????
      7) PROFIT
    

I'm tired of reading posts about "hacking" and website break-ins; the fact
that they get so publicized just encourages them further. It's not only the
big companies that get attacked that suffer (and in a macabre sense I'm glad
it happens, it encourages them to increase the security regarding their
customers' information―if only it could be done in a way where no-one else
gets hurt), its their customers―innocent people like you and me!―whose
personal information is leaked.

~~~
bsiemon
Is it feasible that facebook et al could detect an anomaly in the frequency
and scattered source of the successful logins?

------
Groxx

      cat pronz.txt | grep -i <value below> | wc -l
    
      @yahoo.:      11241
      @gmail.:      4176
      @hotmail.:    3976
      @aol.:        640
      @live.:       587
      @msn.:        147
      @mailinator.: 18
      
      1234:         1728
      pron:         215  # edit: -1 for the 2nd line
      password:     91
    

I have a vague feeling there's something to be learned here, but I'm not sure
what it might be.

~~~
smoove
grep -i <value below> pronz.txt | wc -l

grep has it's own cat ;)

~~~
Groxx
Ah, that was it. Thanks!

------
saulrh
Here's my opinion:

* This is almost certainly not the first time these porn sites have been cracked. I would not be surprised if a duplicate of this list can be had for under thirty dollars on the appropriate IRC channel.

* These are porn sites; anybody that gives a real email to a porn site deserves their spam and cracks. I'm not that stupid, and neither is anybody else on HN.

* The people that /are/ that stupid need to get their act together. Anything that penalizes them for bad information security and pushes them toward better habits has a silver lining.

* There are a bunch of people out there that will think, "It's a good thing that those dirty immoral porn-watchers got punished." That could give this cracking thing some positive press in an entirely new segment of the population.

So, although it probably would have been better if this hadn't happened in the
first place, and most people probably don't agree with this analysis, I don't
think that this is the end of the world.

------
noonespecial
And now its time for another "Good idea, bad idea." (The PR edition).

Good idea: Cracking Sony, a giant faceless corporation because they persecuted
an innocent hacker who was enthusiastic about using their product, and
publicly embarrassing them.

Bad idea: Cracking a poorly defended, low-budget porn site and then mocking US
military service members.

~~~
saulrh
Explicitly encouraging people to use the passwords is kind of a dick move,
but... using your military email to sign up for a porn site? I don't know what
the rules are about using your official email to sign up for random internet
services, but I wouldn't be surprised if those soldiers get in real trouble.

[edit to clarify ambiguous pronouns]

~~~
noonespecial
Well, of course they're going to get in real trouble. Lots of people are going
be pretty uncomfortable over this. That's why it was dumb. It didn't do anyone
any good, prove any kind of a point, or make the world any better. Its like
jumping up and down, waving a flag and yelling "I'm 15, unsupervised, and
behaving badly."

I didn't give a rat's hairy ass about Lulz-whatever until now. I figured Sony
made them, Sony will have to deal with them. Now I wouldn't mind at all if the
FBI (using a tax dollar or two) went looking for them and gave them a good
spanking.

------
thefox
Login on Facebook with email addresses and passwords from pron.com:
<http://news.ycombinator.com/item?id=2646862>

------
thefox
Send mails with the Gmail accounts: <https://github.com/TheFox/pronz-gmail>

