24 million accounts hacked

[Moderator]

Full Story...

Here we go again...

I remember when hacking was done to just prove there were holes in security. Now it seems that 'hacking' is done to be a big pain in everyone's asses. Making script kiddies think there 'oh so cool'.
Well done 'new scripies, yeah just made a word up' all your doing is stopping people using the web for anything other than registering there name, as a human.. a human with feet... and not with a youtube/facebook/twitter account, but you attack them as well.
Some 'hackers', are  posting personal identifiable information to sites to make us all feel like.. I don't know? Better? NO...

I'm sick of this now... 'freedom of information' and the such in the 90's was cool, now it's just causing problems for everyone. I'm tired of this.

If you ask me, the problem isn't the hackers, it's the fact that corporations regard security as an afterthought. Then this happens and they act like the innocent victim. Warranted, they are victim (well really the customers are) But if you drive down the road and hit a pothole, you're no more a victim of the pothole as you are a victim of your own carelessless to avoid it. Much as driving without due care and attention means you aren't a "victim" when things go wrong, putting up a publically accessible server without due care and attention to securing it and keeping it secure is the same. The stories don't actually expound on what gave the hackers access, but I'd be willing to bet it was something like a root password being "password" or something stupid like that. It's irresponsible to leave the keys under the doormat.

People think of "hackers" as a cyber-burglar with all the gear like a window cutter to make perfect cuts silently in a window, night-vision goggles, dust to detect laser scanners, perhaps the severed thumb of a security detail that they took down with a silenced sniper scope at the front gate, etc. They think of them as "professionals" at hacking. But what is usually the case is that it's no different than some shifty guy walking down the street and seeing who left their car door unlocked with the keys in the ignition.

I'm sick of this now... 'freedom of information' and the such in the 90's was cool, now it's just causing problems for everyone. I'm tired of this.

1984 much?

1984 much?

Not sure what your saying.

Not sure what your saying.

Exactly my point!

Anyhow, that nasy "freedom of information" is being dealt with as we speak: http://open.youyuxi.com/

Exactly my point!

Anyhow, that nasy "freedom of information" is being dealt with as we speak: http://open.youyuxi.com/

I think, Mulreay's point is that even though hackers will claim they are doing it because "information wants to be free" They are just doing it because they are douchebags.

I think, Mulreay's point is that even though hackers will claim they are doing it because "information wants to be free" They are just doing it because they are douchebags.

Indeed.

Oh. Well. As you were, then!

[Moderator]

To add to BC's comment i remember a large hack recently where the Admin name was Password...and the Password was Admin...
Just brilliant...

To add to BC's comment i remember a large hack recently where the Admin name was Password...and the Password was Admin...
Just brilliant...

Never underestimate the predictability of stupidity.

[Moderator]

I've read of people using "invalid"...cause the most common error message states " Your password is invalid"....

<Joke>

They should charge for returns and spend the money on security.

I used to use a pwd for almost everything that could have probably been hacked via a dictionary attack. I changed my passwords for everything to unique, randomly generated strings of 15 characters (except one, which I made a humourous phrase about bears) . This was when I discovered two things- a keylogger had managed to get itself on my machine (I had noticed the errant process fairly soon after it showed up but didn't have time to scan until a few days later);  and shortly after I noticed several delivery status notifications telling me that a message couldn't be delivered to some contact I hadn't heard from in years. And then tried to access my website cpanel and was greeted with a lockout page informing me that the account was locked out because attempts were being made to brute force the password.

I went through all my various accounts and changed every single password to it's own unique randomized string (and contacted my webhost support via the support system and had them reset the password and whitelist my IP).

Of course it's still a huge pain when firefox forgets the saved password, since I'll have to look it up, but at least I can be fairly sure that a compromise of any one site (announced or not) won't possibly compromise my other accounts. My guess is that some site I signed up for using that password was compromised and those who got the data were able to determine the name of my analogous accounts in other services and managed to break in.

Though that also reminds me of a interesting time when somebody on the minecraft forums released a "hacking tool" that claimed to give you OP status on any server you joined. Reading the posts, some users were complaining that it didn't work (big surprise) and then (to his mistake) the original creator gloated about how clever he was in stealing all the users passwords using "advanced technologies".

I decompiled it and discovered of course that it did nothing more than try to steal the (minecraft) account password you gave it. The interesting bit is that it included a gmail account and it's password to send that information too; so I logged into that, changed the password, and posted a warning on the forum for those users who had their information compromised. Then, using that Gmail account I looked at the various messages from other services (such as paypal) and was able to use their password reset procedure to change the passwords to all of them, posted their paypal transaction history via paypal, cancelled a bunch of transactions, used the gmail account to reset their hotmail, and get access to that, continued the process.. etc. I basically made a gigantic mess of things that would take some time for them to clean up.

I presume most "hacking" is more or less like that; just taking advantage of one simple mistake (such as embedding a user/password combo in a program) snowballs because accounts are often connected by way of things like password reset and so forth.

I decompiled it and discovered of course that it did nothing more than try to steal the (minecraft) account password you gave it. The interesting bit is that it included a gmail account and it's password to send that information too; so I logged into that, changed the password, and posted a warning on the forum for those users who had their information compromised. Then, using that Gmail account I looked at the various messages from other services (such as paypal) and was able to use their password reset procedure to change the passwords to all of them, posted their paypal transaction history via paypal, cancelled a bunch of transactions, used the gmail account to reset their

Brilliant.

This is the email I got if any of you haven't see it already.