Hacker Posts List of Compromised User Accounts Online


It seems that people are truly shocked when their identities get exposed, and the vast majority use the same single password for ALL of their online accounts. That’s just crazy!

A ‘kind-hearted’ hacker recently exposed a bunch of online accounts (with passwords) to gain himself more status in a hacker forum (l33t sk1llz dudebro!).

WHEN Australian web users learned from the Herald that details of their online accounts had been posted on a hacker’s website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.

Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.

The Herald stumbled across the site during its investigations into online fraud. “It’s obviously startling,” said Lachlan Yee, a research associate in biotechnology at the University of NSW and one of those whose details were exposed by the hacker.

Identity fraud is big business now and online info in general is hot; if you have someone's e-mail address and general password… you can withdraw all their money from PayPal, for example.

You may be able to log in to their online bank account if the details are contained in their e-mail, and so on.

There are endless possibilities for the creative.

Many of the accounts were generic accounts for Hotmail, Yahoo! and Gmail. But more than 50 were clearly Australian-based, and all were alerted to the breach. “To be honest the whole thing has me a bit spooked,” said one victim, Jonathan Eyles.

“They definitely got me,” said Eyles, a graphic designer in Ultimo. He said the compromised password had been used for many purposes, although online banking was not one of them.

A Victorian man who asked that only his first name, Ben, be used, said he would need to change passwords for about 20 sites because of the breach.

If people want a solution, I suggest they use something like passhash: they can still have one secure, strong master password, but then have unique hashed passwords for every site they use.

This has the advantage that if one site is compromised (and it isn't hashing the passwords in its DB, i.e. they're stored in plaintext), the hacker won't have your password to every site, as they will all be unique.
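The idea described above, as an added sketch; this is not passhash's code or its algorithm. It assumes PBKDF2-HMAC-SHA256 for key stretching, so that a derived password leaked in plaintext is slow to brute-force back to the master password; the function names, alphabet and iteration count are illustrative choices.

```python
import hashlib
import hmac
import string

SYMBOLS = "!#$%&*+-=?@_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Bytes >= LIMIT are discarded so every character is equally likely (no modulo bias).
LIMIT = 256 - (256 % len(ALPHABET))
ITERATIONS = 200_000  # assumed work factor; slows guessing of the master password

def normalize_site(site):
    """Map ' WWW.Example.com ' and 'example.com' to the same site tag."""
    tag = site.strip().lower()
    return tag[4:] if tag.startswith("www.") else tag

def byte_stream(key):
    """Endless pseudorandom bytes from HMAC-SHA256 in counter mode."""
    block = 0
    while True:
        yield from hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1

def meets_policy(pw):
    """Require lower, upper, digit and symbol, as many sites demand."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))

def derive_site_password(master, site, length=16, counter=1):
    """Deterministically derive one site's password; bump counter to rotate it."""
    if length < 8:
        raise ValueError("length must be at least 8")
    salt = f"{normalize_site(site)}\x00{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    stream = byte_stream(key)
    while True:  # redraw from the same stream until the policy is met
        chars = []
        while len(chars) < length:
            b = next(stream)
            if b < LIMIT:
                chars.append(ALPHABET[b % len(ALPHABET)])
        candidate = "".join(chars)
        if meets_policy(candidate):
            return candidate

if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, not a real secret
    for site in ("example.com", "shop.example.org"):
        print(site, derive_site_password(master, site))
```

Nothing is stored: the same master password and site tag always reproduce the same password, and raising `counter` for one site rotates that site's password without touching the others.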

Source: Sydney Morning Herald (Thanks Morgan)

Posted in: Password Cracking, Privacy, Web Hacking



3 Responses to Hacker Posts List of Compromised User Accounts Online

  1. Alex Gatti October 14, 2008 at 1:55 pm #

    I question your integrity on this one. You haven’t added anything to the story of value. Not only that but you mock a culture which you also associate with. Re-posts are fine, but don’t bother changing it if all you’re going to make is John Madden-like comments and sarcastic phrases.

  2. Alex Gatti Mother October 14, 2008 at 4:35 pm #

    Ahh shut up Alex Gatti

  3. d347hm4n October 16, 2008 at 1:59 pm #

    No offense but your post brought even less to the document, why not just let Darknet continue his fine commenting as is his wont?