2 million stolen passwords for Facebook, Twitter, Google, Yahoo and others leaked online

Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe.
Researchers with Trustwave’s SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cybercriminals use to control a massive network of compromised computers known as the “Pony botnet.”

The company said that it has reported its findings to the largest of more than 90,000 websites and internet service providers whose customers’ credentials it had found on the server.

The data includes more than 326,000 Facebook accounts, some 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts, according to SpiderLabs. Victims were from the United States, Germany, Singapore and Thailand, among other countries.

Representatives for Facebook and Twitter said the companies have reset the passwords of affected users. A Google spokeswoman declined comment. Yahoo representatives could not be reached.

SpiderLabs said it has contacted authorities in the Netherlands and asked them to take down the Pony botnet server.

An analysis posted on the SpiderLabs blog showed that the most-common password in the set was “123456,” which was used in nearly 16,000 accounts. Other commonly used credentials included “password,” “admin,” “123” and “1.”

Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.

“People are using very dumb passwords. They are totally useless,” he said.

ABC website hacked

ABC website hacked and personal details exposed

The website of Australia’s top broadcasting agency, the Australian Broadcasting Corporation (www.abc.net.au), was hacked last night. The hacker apparently attacked the channel’s website in retaliation for the broadcast of an interview with the Dutch anti-Islam leader Geert Wilders on February 22nd. The hacker also leaked the personal details of more than 50,000 users of the ABC website and released them online during the night.

The leaked data includes usernames, passwords, email addresses and residential addresses, along with other sensitive information, and more than 1,000 of these users happen to be government employees.

The hacker announced the hack from his Twitter handle @Phr0zenM at around 1pm in a tweet: “ABC hacked for giving a platform for Geert Wilders to spread hatred #OpWilders – database leaked!” The hacker was evidently protesting the airing of the interview with the Dutch leader and performed the hack as part of Operation Wilder. The hacker infiltrated the website of the programme Making Australia Happy, and the data was stolen from there.

ABC took prompt action as soon as it was informed of the hack. The spokesperson for the channel addressed the press via email and said that the channel had been “made aware that an ABC television programme website was hacked. The website relates to the ABC television programme Making Australia Happy, which aired in late 2010.”

 “At this stage, we are still investigating the details of the breach. However, we do know that it has exposed the name, username and a… version of the password that audience members used to register on the programme website,” she said.

 “As soon as the ABC was made aware of this activity the site was shut down.” 

Moreover, she also mentioned that “The ABC will be in contact with audience members who have been directly affected,” and stated that the attack had originated in some overseas location and that an activist had claimed direct responsibility for the breach.

The leaking of the personal details of so many people has generated an outcry among the Australian public, and many are feeling anxious. One Mr. Tim Gresham of New South Wales said that he was appalled that his personal details had been leaked online, and added:

“This hacker has probably got a lot of information about me, intimate information about me, having an idea of what that website asked me in terms of my relationships and personal life.”

“They’re asking a lot of people some very intimate stuff on that website, so these hackers have got some fairly intimate information on a number of people if they’ve managed to hack that website. This is big.”

However, the Federal Privacy Commissioner Timothy Pilgrim is pleased with the swift response of the channel in this matter and said that he will not investigate the matter personally as he found the handling done by the channel adequate.

The hacker, however, is not the only one to protest against Wilders’ visit to Australia: people had taken to the streets in Sydney, where he made the speech, and a minor scuffle had erupted between protesters and the authorities.

Peru Domains Registrar hacked

Peru Domains Registrar hacked and 207116 Domain panel credentials leaked

A domains registrar is an organisation that maintains the database of the domain names on the internet and provides other services concerning the maintenance and handling of domains. Having a domain registered is important since it provides one with the ownership of a domain and does not release it for public acquisition. The domain registrar has a dual job of maintaining domain identities and also protecting the database from intrusion of any kind. However, sometimes minor lapses in security can lead to disruption of activities of a domains registrar as hackers can use these security lapses to make the information public.

A recent incident in Peru has shown that hackers are ready to exploit any flaw in the security of a website. Some days ago the site of the Peru Domains Registrar was hacked by a hacker group in Peru itself, and the confidential details and database of more than 207116 sites were released into the open. This incident has shocked many and again raised doubts about the proficiency of web security and about the possibility and magnitude of cyber attacks. It is surely one of the big cyber attacks of this year; it has received huge media coverage and has been discussed by online communities and groups for the last few days. People are wondering about the audacity of such attacks and their consequences for the future of internet security in Peru and other places around the world.
The hackers tweeted about the incident after they released all the information of the websites online. The leaked information was the entire list of domain panel usernames, the complete encrypted passwords to the websites, and the company descriptions, which belonged to banks, security companies, corporations and many other organisations. Moreover, in a further act of defiance, the hackers also uploaded a link to download the entire file. The original site is returning a message that it is under maintenance, but the truth is that this has been done by the hackers themselves. Furthermore, another hacker decrypted the entire set of passwords and released them online as well, within 2-3 hours of the leak of the domain registry itself.

When the hackers were contacted they responded that they had no malicious intent in hacking the domain registrar website and they just wanted to show to the world that the state of web security is highly damaged in Peru and that a lot of work is needed to meet the standards of security that are required in today’s world where hackers are capable of committing much deeper infiltration than this attack. This is indeed a sorry state of affairs for Peru as an attack of such magnitude is definitely a big question about their ability to guard their online assets and prevent breaches of online security. Hopefully the Peru government will learn a lot from this failure and definitely improve the level of online security so that people do not doubt their security.

 Hacker’s Voice

“We clarify that we have no malicious purposes, only prove that the security of PERU is bad and should be corrected. Greetings to the computer crimes division of the National Police of Peru from March 2012 is nil activity and fail or be close to where we are now ASBANC for trying.”

The hacker uploaded the database here: https://anonfiles.com/file/e14504f5033d2a53457af667b686340f

The password for that file is: lulsecperu

After 2-3 hours, another hacker, “@passfile”, came up with the decrypted passwords file.


The Peru Domains Registrar website is currently showing an “under maintenance” message, but it is not maintenance; it is a hack.