Update: Microsoft has issued a statement. Basically, their sites have not been compromised. Here’s their statement in full:
We immediately investigated reports regarding some Microsoft Accounts including Windows Live and Hotmail and can confirm that no Microsoft site or service was compromised. Microsoft takes account security and privacy seriously. Should we identify any specific account at risk for any reason, we will take action to protect the account. To help keep your information safe, we encourage you to set strong passwords, change passwords regularly and avoid using the same password for multiple accounts. For more information on password security, visit our website at www.microsoft.com/security.
Original story follows.
A hacker group have posted what they call “a small portion” of the logins they have stolen from the PSN, Windows Live and 2K Game Studios.
A pastebin of the data has been posted along with the following message:
Dear Internet, the following is a very small portion of Lord Gaben and the rest of his crew’s glorious raids across the high seas of the Internet.
The group claim to be operating in the interests of public safety and have posted the data to make large companies review their security. The extent of the hack is huge and the group have boasted about the data they collected.
“We have 800,000 from 2K and 500,000 credit card data. In all of our raids we have a total of around 7 million usernames and passwords,” he said. “We have around 2 million Comcast accounts, 620,000 Twitter accounts, 1.2 million credentials belonging to the CIA domain, 200,000 Windows Live accounts, 3 million Facebook, 1.7 million EA origins accounts, etc.”
We suggest you change your passwords as soon as possible on any accounts that may be compromised. We are waiting for comment from Sony about the latest hack.
Source: CNET
“in the interests of public safety”. Oh the hypocrisy, cunts.
Thanks for the heads-up, will change passwords.
Couldn’t agree more. If I was a hacker and was doing this in the interest of public safety, I’d contact the company privately.
Exactly Mike, it’s just a lame excuse. One of the companies could even employ their services, but they chose to be destructive. It’s on them. How on Earth are they helping any of those people on that list, who may well be unaware and had their personal accounts hacked/lost for good?
Here we go again… Ugh.
Damn, these people really need to do something productive with their skills.
I assume that once you’ve masturbated yourself dry (in your mother’s basement) then there’s only one other thing to do. Piss everyone else off. :-\
I had a look at the list (here if you want to check yourself: http://pastebin.com/WVzviPyp)
It’s a mix of bad but also very good passwords so I don’t think it was a case of low hanging fruit. Definitely recommend changing password. Bear in mind that’s only a partial list of what they hacked.
They’ve got 7 million usernames and passwords? And then go on to list how many they’ve got from various places, totalling over 10 million? (With no mention of PSN)
Now, it’s possible they’ve managed to hack all those different services in some way. But that’s a tiny fraction of the number of users. I’d guess some sort of phishing activity and possibly people using the same password in multiple places.
I’m not entirely sure there’s anything to panic about just yet.
But either way, they are obviously complete and utter (insert between 1 and all the swearwords here).
Now there’s no need for that sort of language. You could have used “s****” instead.
But it’s a good choice. I was going to describe them as a massive bunch of quimgobblers. But that’s just me.
Agreed, sounds like a very fake list. Some account details make no sense, emails that aren’t in use, passwords of three numeric characters and in some cases emails but no password.
Agreed. The vast majority of supposed logins on that list don’t meet modern password complexity requirements so I’d be a little skeptical to say the least. I’d be very surprised if any of those accounts actually exist or are active.
Not again. At this rate I’ll have to end up contacting the hackers themselves soon to find out what my forgotten passwords are.
In the interest of public safety? Right, so if Al Qaeda blow up a school, they’re doing us a service because security will be increased as a result? Idiots! These guys are terrorists and should be treated as such.
I’m pretty peeved by this, like everyone else, but it’s absolutely nothing like a school being blown up mate.
Well obviously it’s not on the same scale as a school being blown up but their justification for the attack is ridiculous and I was giving an extreme example to emphasise my point.
These scumbags believe that where there is vulnerability, there is justification in exploiting that vulnerability because it may prevent others from exploiting it in the future. They think what they did is justified and it isn’t.
The right thing to do is to notify the companies in question and allow them to improve their security. They certainly shouldn’t be posting personal information online.
Thanks for the heads-up. I changed my password even though I was not on that list.
Somebody should take these guys to court for the state of their online security.
I just went on to change my password and noticed that someone has purchased PES 15 using my account, this has emptied my wallet and took £18.33 off my debit card!
Too late to the mark for me and from what I hear as well Sony don’t do refunds either, they tell you to claim it back from your bank, and then ban your account when the bank reverses the transaction (in America at least). Shall see how Sony customer services deal with this.
But you have to do something. Can’t just leave it like this.
Not good! I was going to suggest downloading the copy of PES to your PS4 seeing you’ve unwillingly paid for it, but that may go against you in trying to claim your money back.
I don’t even like sports games. They could have at least bought a game I like so that if I don’t get a refund I had a decent game to play.
So inconsiderate these hackers!
Phew! My midgets in gimp masks account has not been compromised..
Surely Google would be issuing password reset emails by now. There are loads of Gmail accounts on that list.