Slashdot Mirror

← Back to Stories (view on slashdot.org)

13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

Posted by timothy on from the watch-your-bill dept.

The Daily Dot reports that yesterday a "group claiming affiliation with the loose hacker collective Anonymous released a document containing approximately 13,000 username-and-password combinations along with credit card numbers and expiration dates." Most of the sites listed are distinctly NSFW, among other places, but the list includes some of the largest retailers, too, notably Amazon and Wal-Mart.

3 of 149 comments (clear)

  1. yep. I provide security to some ofthe listed sites by raymorris · · Score: 5, Informative

    Most of the listed sites have far more than 13,000 registered users, so access to the member database of just ONE of the sites would have yielded a much larger dump.

    Also, some of the sites store only a properly salted, modern hash of the password, so there's almost no way to get passwords from the sites' servers.

    It's pretty clear the hack is in the client side. We may have a look to see of the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.

    Source - I designed the authentication and authorization systems for some of those sites.

  2. Is the word "and" copyrighted? by wonkey_monkey · · Score: 5, Insightful

    13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

    Replacing the word "and" with commas pointless, annoying.

    --
    systemd is Roko's Basilisk.
  3. Fake, clickbait scam by Anonymous Coward · · Score: 5, Insightful

    Took me less then 5 minutes to figure out this is a click bait scam using collections of older password leaks and money for clicks URL referers. And the 'news' are eating it raw, generating fear and helping it spread. Which is exactly how this scam was designed to work.