::Trend Micro Threat Resource Center::

Showing posts with label Anonymous. Show all posts

28 December 2014

Hackers leak 13,000 Passwords Of Amazon, Walmart and Brazzers Users

Hackers claiming affiliation with the hacktivist group "Anonymous" have allegedly leaked more than 13,000 username and password combinations for some of the world's most popular websites, including Amazon, Xbox Live and Playstation Network.

The stolen personal information was released in a massive text document posted to the Internet file-sharing website Ghostbin (now deleted), on Friday. The document contains a huge number of usernames and passwords, along with credit card numbers and expiration dates.

The news came just a day after the hacker group Lizard Squad compromised Sony’s Playstation and Microsoft’s Xbox Live gaming networks on Christmas day, which is estimated to have affected Xbox's 48 million subscribers and PlayStation's 110 million users, making it a total of more than 150 million users worldwide.

However, a data breach of 13,000 users is not the biggest data breach we've ever seen. When millions of passwords are used for sites around the globe, chances are very minor that yours is among those compromised. It is still important to note, though, as these accounts come from a variety of online sources, some of which are very popular.


The Daily Dot's Aaron Sankin has compiled a comprehensive list of sites associated with the username and password leaks, and discovered that the leaks came from sites that run the gamut from pornography to gaming to online shopping. The list of the compromised websites is as follows:

  • Amazon
  • Walmart
  • PlayStation Network
  • Xbox Live
  • Twitch.tv
  • Dell
  • Brazzers
  • DigitalPlayground
  • and see complete list.

To be on the safe side, users with accounts on these compromised websites are advised to change their passwords, to watch their credit card transactions, and to contact the relevant banks and financial institutions immediately if they find any suspicious activity.

Also, don't use the same passwords for banking and online shopping sites, and always keep an eye out for unusual activities or unauthorized purchases with your accounts.

20 January 2012

Hacker group Anonymous fights back, in support of #MegaUpload

Is this really happening? After hearing about the MegaUpload shut down, the hacker or ‘hacktivist’ group Anonymous is already taking a stance on the situation, and fighting back. They have already taken down Justice.gov and UniversalMusic.com and shot off a tweet saying:


As of this writing, both sites are down, see screen shots below. One can only assume that they will be or are already targeting other sites to take down in regards to this MegaUpload piracy issue. More to come I am sure.

UPDATE 1: Anon is going hard. They just took down riaa.org!
UPDATE 2: MPAA.org is down as well!

04 January 2012

Analysis of Stratfor Site Breach Reveals Weak Passwords, Poor Enforcement


Update from Hacked and discredited: Anonymous takes down Stratfor

Stratfor’s clients include the U.S. Army and Air Force and the Miami Police Department. A report released by Identity Finder, an identity theft and data loss prevention company in New York, stated that personal information about Stratfor’s subscribers with first names starting with A to M had already been released. Information about those with first names beginning with N to Z is believed to be due for release in the coming week, along with 2.7 million email copies.

Information obtained from the hack and released so far includes:

  • 50,277 unique credit card numbers (9,651 not expired)
  • 86,594 e-mail addresses (47,680 unique)
  • 27,537 phone numbers (25,680 unique)
  • 44,188 encrypted passwords (50% can be cracked with ease)

While users need to select stronger passwords to access online services, enterprises also need to enforce strong security policies for their Web sites and applications.

As Stratfor continues rebuilding its Website after the cyber-attack in which email addresses of its subscribers and other personal details were leaked, the company is coming under fire for its weak passwords and security policies.

Using a group of lists containing common passwords, names of people in Congress, words from the King James Bible, various computer jargon and programming phrases, previously dumped lists from Gawker and other sites and other lists, Hashcat was able to crack 25,690 passwords. A more extensive list that used words and phrases from various languages as well as common 3- and 4-character passwords, among others, yielded 21,933 additionally cracked hashes. It took Hashcat less than an hour to crack over 47,000 password hashes, according to the analysis.

The list of cracked passwords showed many passwords that used birthdates, names of family members, or something with a personal reference (such as 'ford1996'). Unlike "throwaway" passwords, such as '123456' and 'qwerty,' these personal passwords are more likely to be re-used on other sites because they are easier for the user to remember.

Detailed analysis here.
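An added example (not from the article or the cited analysis) of the enforcement side discussed above: a registration-time check that rejects the classes of password the analysis found easy to crack, namely short strings, known-common passwords, a dictionary word with digits tacked on (the 'ford1996' pattern), and passwords built from the user's own details. The word lists, the 12-character minimum and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample lists; a real deployment would load a large
# breached-password corpus and name/word dictionaries instead.
COMMON = {"123456", "qwerty", "password", "letmein"}
WORDS = {"ford", "michael", "dragon", "summer", "admin"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article

# Undo common character substitutions so 'p@ssw0rd' is seen as 'password'.
LEET = str.maketrans("0134578@$!", "oleastbasi")
# Digits and symbols at either end of a password ('1996', '!', '_01').
AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def policy_violations(password, user_fields=()):
    """Return the list of policy rules a candidate password breaks."""
    reasons = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        reasons.append("too_short")

    if lowered in COMMON:
        reasons.append("common_password")

    # Strip leading/trailing digits and symbols, then reverse substitutions:
    # what is left is the "core" a wordlist-based cracker would try first.
    core = AFFIX.sub("", lowered).translate(LEET)
    if core and lowered not in COMMON and core in (COMMON | WORDS):
        reasons.append("dictionary_word_with_affix")

    # Reject passwords containing parts of the user's name or e-mail address.
    tokens = set()
    for field in user_fields:
        tokens.update(t for t in re.split(r"[^a-z0-9]+", field.lower())
                      if len(t) >= 4)
    if any(t in lowered for t in tokens):
        reasons.append("contains_personal_data")

    return reasons


if __name__ == "__main__":
    for candidate in ("ford1996", "123456", "P@ssw0rd!2011",
                      "velvet-otter-climbs-9-ladders"):
        print(candidate, policy_violations(candidate))
```

Length alone does not pass the check: 'P@ssw0rd!2011' is 13 characters but is still rejected, because its core is a listed common password.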

27 December 2011

Hacked and discredited: Anonymous takes down Stratfor

The servers of global intelligence firm Strategic Forecasting have been hacked into, allegedly by the Anonymous group. Some Anonymous members claim responsibility, while the group’s press release denies it.

More than 200 GB of Stratfor’s internal data were allegedly lifted from its servers before its network was shut down. Stratfor’s web server was offline for some 40 minutes, during which the company sent notifications of the security breach to its clients.

While some alleged members of Anonymous claim to have released a cache of information containing private correspondences and credit card data obtained in the breach, a press release from the group says the hack was not its work.

One of the alleged hackers tweeted that the goal of the operation was to use the financial data to steal money and give it away as Christmas donations. "Over 90,000 Credit cards from LEA, journalists, the intelligence community and whitehats have been leaked and used for over a million dollars in donations," the tweet said.

A number of large corporations and government agencies rank among Strategic Forecasting's clients. The firm provides strategic intelligence on global business and economic, security and geopolitical affairs.

Anonymous posted a link to what is believed to be a complete list of Stratfor’s clients. The United States Air Force, Goldman Sachs, and financial broker MF Global were all included on the list.

Stratfor's website was down on Sunday, with a banner telling visitors it was "currently undergoing maintenance."