14 October 2008 | 10,974 views

Hacker Posts List of Compromised User Accounts Online

Check For Vulnerabilities with Acunetix

It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!

A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).

WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.

Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.

The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.

Identity fraud is big business now and generally online info is hot, if you have someones e-mail address and general password…you can withdraw all their money from Paypal for example.

You may be able to login into their online bank account if the details are contained in their e-mail and so on.

There are endless possibilities for the creative.

Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.

“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.

A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.

If people want a solution I suggest they use something like this – passhash – they can still have one secure, strong master password but then have unique hashed passwords for every site they use.

This has the advantage that if one site is compromised (and they aren’t using hashed passwords in the DB – it’s stored in plaintext) the hacker won’t have your password to every site as they will all be unique.

Source: Sydney Morning Herald (Thanks Morgan)



Recent in Password Cracking:
- ParanoiDF – PDF Analysis & Password Cracking Tool
- Source Code Hosting Service Code Spaces Deleted By Hacker
- Moscrack – Cluster Cracking Tool For WPA Keys

Related Posts:
- Popular Posts
- Massive Celeb Leak Brings iCloud Security Into Question
- Nvidia Investigates Claims Of Online Store Compromise During Spate Of Hacking

Most Read in Password Cracking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,054,572 views
- Password Cracking Wordlists and Tools for Brute Forcing - 496,989 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 413,486 views

Advertise on Darknet

3 Responses to “Hacker Posts List of Compromised User Accounts Online”

  1. Alex Gatti 14 October 2008 at 1:55 pm Permalink

    I question your integrity on this one. You haven’t added anything to the story of value. Not only that but you mock a culture which you also associate with. Re-posts are fine, but don’t bother changing it if all you’re going to make is John Madden like comments and sarcastic phrases.

  2. Alex Gatti Mother 14 October 2008 at 4:35 pm Permalink

    Ahh shut up Alex Gatti

  3. d347hm4n 16 October 2008 at 1:59 pm Permalink

    No offense but your post brought even less to the document, why not just let Darknet continue his fine commenting as is his want?