LulzSec leaks 62,000 emails and passwords, also targets CIA

Summary:Another day, another LulzSec leak. This time, they've targeted the CIA and leaked a list of 62,000+ email addresses and passwords. Check to see if your name is on the list!

The infamous rogue hacker group, Lulz Security, is back again with claims of packet-flooding the CIA's Web site and leaking another lengthy list of email addresses and passwords.

CIA

Following their recent exploits with the U.S. Senate website, LulzSec has now made the CIA their target via a packet-flooding attack. While it's highly unlikely that the CIA's Website has any sensitive data residing on it, the notion of such a high profile target being attacked is bad enough. To be fair, packet-flooding simply means they crashed the CIA's server, but it can be a rather problematic issue to network health if certain precautions aren't taken. The key takeaway here is the target of the attack. Per LulzSec's Twitter feed:

LulzSec Targets CIA

LulzSec Targets CIA

LulzSec says they packet-flooded the CIA

LulzSec says they packet-flooded the CIA

In the second tweet, their proclamation of their most severe exploit at this point is the release of internal information from Bethesda Software. The release included server admin configurations, admin staff and blog user hashes, server logs, and mappings of Arkane, Bethblog, Brink codes, Brink signups, IDSoftware, Rage, and more.

While far more data was released with the Bethesda attack, the reason the CIA attack is considered their biggest is because of who it is, thus the potential repercussions.

Emails and Passwords

The last LulzSec-released list of email addresses and passwords totaled 26,000, and they were all obtained via hacked pornographic sites. This time, they're keeping quiet about the sources of this latest list of culminated addresses. Regardless of the sources, here are 62,000+ email addresses and passwords just released. From their Twitter feed:

LulzSec releases 62,000 emails/passwords

LulzSec releases 62,000 emails/passwords

Many users have taken to Twitter to let LulzSec know either how they have been attacked due to the leaked list, or how they have benefited by exploiting the leaked information. Make no mistake, LulzSec is essentially releasing this information into the hands of people with malicious intentions.

As with before, it is highly advised that you download the list and check for your email address so as to change your password. You can obtain the leaked list here (visit the link to download the file). Use the "find/search" functionality of your browser/text viewer to search for your email address once you download the 2.25 MB text file. Update: The file has been removed. As such, you can go here to a tool created by Gizmodo and type in your email address to see if you're on the list.

While neither of these latest activities were posted to LulzSec's blog as official releases, it's clear that they intend on utilizing any and every avenue they can to show off their exploits.

Lastly, while the image of a small group of individuals comes to mind in regards to the make-up of LulzSec, there is increasing speculation that the group -- along with the equally-notorious rogue hacker group, Anonymous -- is actually comprised of many people; possibly thousands. If true, this makes the efforts of these groups much more difficult to stop. However, as entities like the CIA and the U.S. Senate are targets of these groups, we may all soon find out just what the make of these groups really is.

How do you feel about LulzSec's latest actions? Share your thoughts in the comments below!

-Stephen Chapman SEO Whistleblower

Topics: Security, Collaboration

About

Stephen is a freelance writer and blogger based in Charlotte, NC. His contributions to ZDNet cover topics related to security, gaming, Microsoft, Apple, and other topics of interest with a tech/SMB skew.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.