26,000 email addresses and passwords leaked. Check this list to see if you're included.

26,000 email addresses and passwords leaked. Check this list to see if you're included.

Summary: Take a few minutes to see if your email address and/or password is included on this list. It may save you a headache or two down the road.

SHARE:
TOPICS: Collaboration
72

The Lulz Boat

The Lulz Boat

On Friday, June 10, the infamous hacker group "Lulz Security" (of Sony and PBS fame) released a text file onto the Internet that contains "around 26,000" email addresses and passwords.

While this list is bad enough on its own, they add insult to injury with the way they culminated it: by hacking into various pornographic Web sites. That means that some people could be in for a world of hurt/embarrassment if their friends, family, or significant others decide to rummage through the results. To quote:

"Hi! We like porn (sometimes), so these are email/password combinations from pron.com which we plundered for the lulz. Check out these government and military email addresses that signed up to the porn site... They are too busy fapping to defend their country:

Yes, there are even some government and military email addresses included. All that says to me, personally, is that human beings work for government and military establishments. That may be a bit too much for some people to handle and maybe these people could have chosen better email addresses to use for these endeavors outside of their professional ones, but the message implied by Lulz Security isn't necessarily the correct takeaway.

Anyway, even worse than being confronted by one's significant other is the fact that this is ultimately a list of email addresses and passwords. And as many of us in the security realm are aware of, people like to use simple passwords and they like to use the same password for everything, if they can help it. This means that people included on this list stand the risk of personal invasion in a multitude of ways: Facebook, Twitter, email -- and possibly to a more detrimental extent -- bank accounts.

To see if you're on the list they released, follow the steps below:

  • 1 - Click here to view the list.
  • 2 - Press CTRL + F to bring up your browser's search function.
  • 3 - Type in any and all email addresses of yours and see if any results are found.
  • 4a - If you find results, go and immediately change your password everywhere you can think of. And this time, make it something more complex: include mixed case letters, numbers, and symbols.
  • 4b - If you do not find any results, you may want to consider either linking someone you know/care about to this post so they can follow these steps, or you might just do a few additional searches to see if you can find anyone you would like to make aware of the issue.

Now, although my name wasn't on this list, I know what it's like to have personal data like this leaked to some degree since my information was amongst the Gawker data that was leaked in December of last year. Luckily, I used a unique complex pass phrase instead of a simple password with that account, so I was good to go.

With all of the hacking activity going on these days, I think it's safe to say that the world is sitting a bit closer to the edge of their seats. As such, now is the time for people to start learning how to use complex pass phrases and get the word "password" out of their vocabulary where at all possible. This also means that sites and platforms need to stop enforcing simple passwords and start requiring special characters, mixed case, and alpha-numeric combinations.

What/who will Lulz Security's next target be? Well, since they're the voluntary celebrity hackers these days who are out to make a name for themselves via culminating and releasing lists of email addresses and passwords, you may want to consider following them on Twitter to keep up with the latest. The earlier you find out if you're inadvertently involved in a future experiment of theirs, the better for you to do something about it ASAP.

Make today the day you decide to consider stronger passwords! If you do, you may just save yourself a headache or three in the long run.

-Stephen Chapman SEO Whistleblower

Related Stories

Topic: Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

72 comments
Log in or register to join the discussion
  • RE: 26,000 email addresses and passwords leaked.

    One should never use his/her primary E-Mail ID to sign up into various websites, including porn sites. A separate GMail, Hotmail or any free webmail account should be kept for that.
    Raju Das
    • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

      @Raju Das
      It's not such a big deal if you use two factor authentication as I do. But I also use convoluted forwarding chains with alternate emails that all land in my main account's inbox.
      Gmail is so versatile it's not even funny. :P
      ZazieLavender
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        @ZazieLavender <br>Two factor ... is that where you know something and you're holding something?
        GWCC
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        @ZazieLavender O noes! I iz leaked! :P

        El mejor <strong><a href="http://www.preciolandia.com/co/">precio</a></strong> de Colombia. Lo mejor para las compras y ventas en <strong><a href="http://www.preciolandia.com/ar/">Compras</a></strong> y
        <strong><a href="http://www.preciolandia.com/mx/">Ventas</a></strong>. Si necesitas la mejor <strong><a href="http://www.preciolandia.com/ve/">Oportunidad</a></strong> para comprar tecnologia con precios de descuento, no lo dudes m??s, est?? todo aqui. En nuestra
        <strong><a href="http://www.preciolandia.com/br/">Loja</a></strong> Brasil!
        compras2
        • FUCK YOU

          FUCK
          hasangotveren
    • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

      @Raju Das Spot On
      Ashtonian
    • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

      @Raju Das
      In terms of this, just think about this -- name, address, phone, date of birth, approximate income level are generally available on most people at sites like Spokeo that index public records.

      Once you have that information, you can sign any person up for any website, and then post that you found them on xyz porn site. I don't think it's particularly odd that there would be a lot of work e-mails in a promotional website, because a lot of people cheat those random drawing sorts of sites, by using multiple e-mail addresses. If you have 18, 20, 40 e-mail addresses, you can enter the random raffle 18, 20 or 40 times if there's not adequate checks. It's just like how people do rebates, by having the checks sent to their friend's houses/names, because of the one per household limit or w/e, except it's several orders of magnitude easier.
      davebac
  • Not sure...

    ... why you would link to their site? Maybe instead just make a new list of the emails only.
    x21x
    • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

      @x21x
      Wonder how many people looked to seeif theirs was on the list?
      :)
      rhonin
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        i need id and pass now
        godsentcash
    • RE: Not sure...

      @x21x

      Yeah, wtf with linking to the lulz site??
      mmck
      • Why not?

        @mmck I linked to the source of the information; something that most people demand of someone in my shoes (a writer writing about topics like this). I would personally want to be directly-linked to the source of the information as well. I understand the criticism, but I'm not going to sugarcoat the issue.

        -Stephen
        StephenChapman
      • ZDNet: fix your damned comment system

        @StephenChapman

        Um, then you need to go back to journalism school, as this is NOT what the sourcing requirements are talking about.
        DeusXMachina
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        @mmck

        what are you afraid? Its the source of the article, Lulz obviously wants you to see it, to prove a point...
        5FingerDiscount
      • Never been; I'm not a journalist.

        @DeusXMachina I'm simply a writer.

        Anyway, your ethical beliefs of the issue aren't the rule. Technically, there are no issues sourcing this story as I have. If there were, my senior editor or editor-in-chief would have intervened.
        StephenChapman
      • ZDNet: fix your damned comment system

        @StephenChapman<br>You are looking at this backwards. The issue is not one of citing your sources, it is one of providing unnecessary publicity and traffic to the likes of lulz. It is possible to cite them WITHOUT linking to their site. Besides which, they are not your original source, anyway. They are the perpetrators of the crime about which you are reporting. These are two VERY different things.<br><br>And if by editor, you are meaning Mr. Dignan, he has issues of his own.<br><br>As for not being a journalist, that is debatable, but once one begins reporting about events, regardless of what one wishes to call oneself, certain ethical issues attach. They are not applicable simply because a person calls themselves a journalist, but are inherent in the nature of the act of reporting.
        DeusXMachina
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        @mmck I don't know... while I have no worries about my own information being on that particular list, I do appreciate a way to easily check such leaked data lists to make sure my passwords are still relatively safe. A similar (hash-based) search was available back when the Gawker leak occurred. The data has been made available--might as well let the less savvy (most probable victims) have access to it to Ctrl+F it--not just those who'd use it for malicious purposes.
        SenorAlejandro
    • Re: Not sure...

      @x21x Agreed, I'd not go to their site. And hovering the link does not indicate that that is where you'd go. WTF. If "they released a text file" then the author could provide a neutral site that has the file where these guys won't be harvesting more addresses. Which they will. That not being the case, screw it.
      dszimmer
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        @dszimmer justpaste.it is as much a "neutral" site as, say, imageshack.us. :v
        SenorAlejandro
      • RE: 26,000 email addresses and passwords leaked. Check this list to see if you're included.

        @dszimmer How does clicking on a text file link steal your e-mail address? Can it read your mind too?
        jgm@...