On Friday, June 10, the infamous hacker group "Lulz Security" (of Sony and PBS fame) released a text file onto the Internet that contains "around 26,000" email addresses and passwords.
While this list is bad enough on its own, they add insult to injury with the way they culminated it: by hacking into various pornographic Web sites. That means that some people could be in for a world of hurt/embarrassment if their friends, family, or significant others decide to rummage through the results. To quote:
"Hi! We like porn (sometimes), so these are email/password combinations from pron.com which we plundered for the lulz. Check out these government and military email addresses that signed up to the porn site... They are too busy fapping to defend their country:
Yes, there are even some government and military email addresses included. All that says to me, personally, is that human beings work for government and military establishments. That may be a bit too much for some people to handle and maybe these people could have chosen better email addresses to use for these endeavors outside of their professional ones, but the message implied by Lulz Security isn't necessarily the correct takeaway.
Anyway, even worse than being confronted by one's significant other is the fact that this is ultimately a list of email addresses and passwords. And as many of us in the security realm are aware of, people like to use simple passwords and they like to use the same password for everything, if they can help it. This means that people included on this list stand the risk of personal invasion in a multitude of ways: Facebook, Twitter, email -- and possibly to a more detrimental extent -- bank accounts.
To see if you're on the list they released, follow the steps below:
2 - Press CTRL + F to bring up your browser's search function.
3 - Type in any and all email addresses of yours and see if any results are found.
4a - If you find results, go and immediately change your password everywhere you can think of. And this time, make it something more complex: include mixed case letters, numbers, and symbols.
4b - If you do not find any results, you may want to consider either linking someone you know/care about to this post so they can follow these steps, or you might just do a few additional searches to see if you can find anyone you would like to make aware of the issue.
Now, although my name wasn't on this list, I know what it's like to have personal data like this leaked to some degree since my information was amongst the Gawker data that was leaked in December of last year. Luckily, I used a unique complex pass phrase instead of a simple password with that account, so I was good to go.
With all of the hacking activity going on these days, I think it's safe to say that the world is sitting a bit closer to the edge of their seats. As such, now is the time for people to start learning how to use complex pass phrases and get the word "password" out of their vocabulary where at all possible. This also means that sites and platforms need to stop enforcing simple passwords and start requiring special characters, mixed case, and alpha-numeric combinations.
What/who will Lulz Security's next target be? Well, since they're the voluntary celebrity hackers these days who are out to make a name for themselves via culminating and releasing lists of email addresses and passwords, you may want to consider following them on Twitter to keep up with the latest. The earlier you find out if you're inadvertently involved in a future experiment of theirs, the better for you to do something about it ASAP.
Make today the day you decide to consider stronger passwords! If you do, you may just save yourself a headache or three in the long run.