Hacker Posts List of Compromised User Accounts Online


It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!

A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).

WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.

Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.

The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.

Identity fraud is big business now and generally online info is hot, if you have someones e-mail address and general password…you can withdraw all their money from Paypal for example.

You may be able to login into their online bank account if the details are contained in their e-mail and so on.

There are endless possibilities for the creative.

Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.

“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.

A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.

If people want a solution I suggest they use something like this – passhash – they can still have one secure, strong master password but then have unique hashed passwords for every site they use.

This has the advantage that if one site is compromised (and they aren’t using hashed passwords in the DB – it’s stored in plaintext) the hacker won’t have your password to every site as they will all be unique.

Source: Sydney Morning Herald (Thanks Morgan)

Posted in: Password Cracking Tools, Privacy, Web Hacking

, , , , ,


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


3 Responses to Hacker Posts List of Compromised User Accounts Online

  1. Alex Gatti October 14, 2008 at 1:55 pm #

    I question your integrity on this one. You haven’t added anything to the story of value. Not only that but you mock a culture which you also associate with. Re-posts are fine, but don’t bother changing it if all you’re going to make is John Madden like comments and sarcastic phrases.

  2. Alex Gatti Mother October 14, 2008 at 4:35 pm #

    Ahh shut up Alex Gatti

  3. d347hm4n October 16, 2008 at 1:59 pm #

    No offense but your post brought even less to the document, why not just let Darknet continue his fine commenting as is his want?