Hackers at it again. Check your paypal accounts

[WilsonFourTwo]

Quote:

Originally Posted by ken0042

I did a scan of that list; 90 @telus addresses and the results showed over 100 @shaw.ca addresses. So odds are somebody here knows somebody on that list.

I went to school with one of them (15+ years ago). And yes, I'm 100% sure about the name.

Kinda spooky.

[DownhillGoat]

It's getting to be the popular thing to do these days. Just logged into airmiles and saw that they had someone get names and emails from their system.

[Ducay]

FYI they released a giant batch of user data (their final hurrah apparently).

Sadly, even my info was on this release (damn you Battlefield Heroes!) All my passwords have since been changed

Check your emails/usernames @ following link

http://gizmodo.com/5815551/find-out-...s-grand-finale

[kirant]

Hah! Nothing...despite like 20+ various accounts on the Internet. Take that LulzSec!

[Byrns]

After all these releases I can't believe people still use(d) the same password on multiple accounts.

[Hack&Lube]

This is old news guys. Lulzsec is dead and disbanded and most of their members have gone into hiding because another group called "The A-Team" has publicly posted the names, addresses, and other personal information about most of Lulzsec members and has made more details available to law enforcement.

http://pastebin.com/iVujX4TR

Code:

  To understand who/what lulzsec/gn0sis are/is you need to understand where they came from.  Everything 
           originates from the *chan (4chan/711chan/etc.) culture.  This internet subculture is pretty much the
           dregs of the internet.  It's a culture built around the anonymity of the internet.  If your anonymous
           no one can find you.  No one can hurt you, so your invincable.  The problem with this idealogy, is it's
           on the internet.  The internet by definition is not anonymous.  Computers have to have attribution.
           If you trace something back far enough you can find its origins.  So let's give a brief event timeline
           on how these groups got together:
 
                1.  Anonymous rises up from 4chan against CoS.
                2.  Anonymous starts DDoSing stuff.
                3.  Various lower level hacking groups get involved.
                4.  Anonymous stagnates for a while.
                5.  Uprisings in the world Attract Anonymous.
                6.  ProjectPM Looser Barrett Brown becomes mouth piece of Anon.
                7.  Anonymous shifts focus toward "Worldy" Affairs.
                8.  Aaron Barr desides he's tired of his job and targets Anon.
                9.  gn0sis (Uncommon) comes out of no where and releases the Gawker data.
                10. gn0sis teams up with anon hackers with all the OP<INSERT SOMETHING HERE> crap.
                11. gn0sis (nigg, eekdacat, uncommon, kayla, lauralie) and sabu (from OP Anon ####) hack HBGary.
                12. This is where Topiary comes in.  They all form lulzsec to be "hacktivists".
                13. Lulzsec (now a mix of gn0sis and opanon people) hack SONY and other stuff.
 
           The problem with Lulzsec/gn0sis's "Hacktivist" mantra is that they lack the skills to keep it going.
           As such after SONY they couldn't get into anything.  So they switched their focus to just releasing
           random crap that didn't mean anything.  Then they started running out of things they could hack. So
           they put out requests for people to join them.  That got them a few hits, and now they've switched
           their gears again to be "ANTI-SEC".  Whether or not this was an attempt at bring other groups out of
           the shadows (el8, h0no, zf0, etc), you can only speculate.  But as of this writing: 6/24/2011 Sabu
           and Topiary are the only two people updating the twitter and releasing ####.  Kayla is MIA.  The 
           gn0sis kids are gone in hiding somewhere.  
 
           From what we've seen these lulzsec/gn0sis kids aren't really that good at hacking.  They troll the internet
           and search for sqlinjection vulnerabilities as well as Remote File Include/Local File Include bugs.  Once 
           found they try to download databases or pull down usernames and passwords.  Their releases have nothing
           to do with their goals or their lulz.  It's purely based on whatever they find with their "google hacking"
           queries and then release it.  
 
           What's funny to us is that these kids are all "Anti-Sec" yet by releasing their hacks they are forcing these
           companies to have to hire security professionals which keeps the Security Industry that they are trying to 
           expose and shut down, in business.  I guess they will realise that later in life when they get out of skid
           school.
 
           So we've been tracking and infiltrating these kids since the gawker hack.  We have the D0x (as they call it)
           on everyone except Sabu and Kayla.

[Ducay]

Old news? This data is from the giant dump they released yesterday as they "retired" for whatever reasons they had.

[Yasa]

This is the internet. Hack&Lube's post just because old news.

[Russic]

If you reuse passwords or username/password combos you are officially insane. If having unique passwords seems daunting to you, look into a service such as 1password or a similar password manager. Trust me, just do it. It takes a while to set your system up at first, but once you do it an attack can have minimal impact (instead of changing 30 passwords you change the 1 problematic password) plus it can make life so much easier on the internet in general (1password allows for single click entry to password sites).

[THE SCUD]

How is 1password compared to lastpass? I use lastpass, but got caught in the BF heros leak (). I use separate passwords for online banking, ebay, etc - but most of my forum / useless site passwords are one of two or three - so this leak hit me, but I don't really care too much as I don't think I have any financial accounts with that same login name or pw.

With that said, unique PW's are a good idea - I know lastpass offers to generate them for me, but I don't as I often wonder "what happens if I am somewhere that I don't have lastpass access?" - Wish they had a good iphone app!

[Azure]

Quote:

Originally Posted by Russic

If you reuse passwords or username/password combos you are officially insane.

Meh.

I use mostly the same password on all the forums I post on. I doubt anyone is going to hack or exploit CP and take my username/password and post it on the open internet. And if they do, I'll just change it, or email Photon and tell him to reset it.

As for banking and such, well that is a different story.

Facebook? I don't have anything of value on there. So who cares if they get my password. Besides, I have a 2nd email verification thing setup, so if they ever access my account and change my password, I could easily get it back.

I guess for those people that post their private life on Facebook it can be a problem.

[chalms04]

Just a heads-up, I had an unauthorized access attempt on my Xbox Live account this morning. Somebody bought a long enough membership and enough M$ points to last them a lifetime.

Microsoft and Visa are on the case for me, they intercepted the transaction and are in the process of refunding me. According to them, they only got the last 4 digits of my card, so we'll see how things play out.

[photon]

Actually had my battle.net account hacked today. Must have been a pure password guess as I don't have anything for that installed on my system so no keylogger could have got it.

Jokes on them though, no active WoW

[Ozy_Flame]

Regarding this new breed of hackers, I can't help but think of Michael Caine . . .

"Some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn."

[kirant]

BUMP

They're after Facebook now
http://news.yahoo.com/blogs/cutline/...tml#more-20766

Honestly, it's pretty hard to side with Anon...this is basically extending their old policy to cover governments...they're basically selling values that, unless you're available on Openbook for searching, make you a 1 in a million statistic...most of us are part of censuses anyways...so it's more of the same.

And honestly, it's hard to support guys who vandalize rural police sites for arresting cohorts on legitimate charges.

[zamler]

I am very paranoid about entering my email address on some site to see if you've been hacked. How do I know I'm not entering a valid email address into a database that gets abused later?