LulzSec Over, Gaming Forums Leaked

TSA Staff 35 Comments

It looks like notorious hacking group Lulzsec have, after “50 days of lulz”, ceased operations, at least in their current guise.

Their last hurrah, though, is a biggie – they’ve leaked a huge amount of data which includes 50,000 “random gaming forum” usernames, email addresses and – in some cases – passwords.  It’s not clear which forums the lists are from.

In addition, there’s “internal data” on AOL and AT&T, a list of half a million Battlefield Heroes Beta users, 200,000 users from Hackforums, more on the FBI and a list of routers that haven’t had their admin usernames changed.  Oh, and more.

“It’s time to say bon voyage,” says the team’s last press release. “Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love.”

“If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”

We’ve checked the file and – although we do strongly suggest you check it yourselves – it looks like TSA wasn’t compromised, thankfully.  Would have made for a shitty birthday for everyone if it was.

This post on GAF has links to downloads of the Battlefield and Forum Member lists without the passwords included so you can see – we strongly advise you check out for yourselves whether you’re on the lists. If you’re on a list with a plaintext password – and you use it elsewhere – change all your other passwords.

As always, passwords should be unique for each and every service and site you use.

Tags:

Related stories from TSA

Sony Agrees To Pay £250,000 Over 2011’s PSN Hack
The Two Year Anniversary Of The PSN Hack
Sony Fined £250,000 Over PSN Hack
Amy: PS3 Version Completed In April?

35 Comments

  1. Thanks just checked the file, doesn’t seem to have any of my details. good.

  2. Good work reporting this.

    “Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind –we hope –inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love.”

    The only 3 emotions from that list I think anyone feels are hate, disapproval and embarrassment. Oh, perhaps mockery as well, in that we mock them for being such utter tools. Approval? No. Happiness? Nope. Fear? Not from me, maybe corporations but I doubt it. Love? Definitely not, not from anyone. Hate? Yep, that’s the one.

  3. Im not on there. Phew

  4. Thanks for the heads up, luckily I don’t think I’m there.

  5. Looks like ninja web do a great job and Lulzsec is taken at his own gam
    Good

  6. Ah so they’re doing a runner and leaving that kid to take the rap. How noble..

  7. I gave up checking as its all random , is there a way to make it alphabetical or to search for specific words in a txt file ??

    • Hit Ctrl+F in Notepad (or word, Firefox etc, wherever you’re reading the file) then type your username and press “Find next”

    • Ctrl F is the default find key I think.

    • Thanks guys for the tips , particularly as i am in the list ! I played the Battlefield Heroes beta once or twice . Bollocks.

  8. I’m in the Battlefield Heroes Beta (550k users) list, but it’s only my username, so that’s nothing to worry about. I’m not in the list with 60k cracked passwords, properly because I use 30char random generated passwords for everything, so I even if my BF Heroes password was leaked, no real harm would have been done for me.

    A funny note though, I’m number 2692 out of the 550k users, which sounds right, as I good beta access pretty early.

    Let’s hope these guys are done playing “rebels” and got scared enough by team web ninjas.

    • Im in the same boat mate , so thats all they have just a user name ? If so big deal and thanks for the tip. Its like the PSN hack then where something is blown out of all proportion and all they have is a username and email address but no CVV codes .

      • By the looks of it, they have the hashed value of the passwords for the 550k users. But cracking hashed passwords takes some heavy brute forcing and if you look at the list with 60k passwords, it’s only password at six chars.

        So unless you used a pass on only 6 chars, you have nothing to worry about.

  9. Im not on there, so :), im glad they have stopped and there ‘cruise’ has come to an end

  10. Had a look through the torrent last night, I’m not on there

    I’ve certainly learned a lot about password security, but lets hope the IT guys/server admins/data protection officers at all these companies and others have learned how to update their OS/software to the latest versions, and to generally take more care over customer data. Somehow I doubt it though!

    So, ummm thanks… I guess *shrugs*

Comments are now closed for this post.