On Friday, a group claiming affiliation with the loose hacker collective Anonymous released a document containing approximately 13,000 username-and-password combinations along with credit card numbers and expiration dates.
You might want to change your password and start monitoring your credit card for any suspicious charges.
The stolen personal information was released in a massive text file posted the document sharing site Ghostbin. The compromised sites run the gamut from pornography to gaming to online shopping.
Some of the most significant leaks came from online video gaming networks like Xbox Live, the Sony PlayStation Network, and Twitch.tv. There was information from accounts at Walmart, Amazon, and Hulu Plus, as well as keys to computer games like The Sims 3 and Dragon Age: Origins, and a whole lot of porn sites.
Some Anonymous members have pushed back on the assertion that this leak had anything to do with the hacktivist group. Anonymous has no official leadership or centralized organizational structure; instead, it functions as a loose affiliation of computer hackers that join together in support of various causes, ranging from battles with the Church of Scientology to doxing members of the KKK. If hackers branding themselves as Anonymous carry out a particular action, it doesn't necessarily mean it's any of the same people who have carried out any other Anonymous-branded action.
Judging from the document, the following sites were compromised or, at the very least, had some of their user data stolen—possibly through malware installed onto users' personal devices or other nefarious methods.
While it's difficult at this point to definitively know how the hackers acquired the material, Chris Davis, a cybersecurity researcher and fellow at the University of Toronto's Munk School of Global Affairs, hypothesized that one likely possibility, based on the information contained in the leak, is that the hackers made use of a botnet. "The list of credentials [in the published list] fits that bill pretty well," he explained.
Just to be on the safe side, if you have an account with any of these places, you might want to change your password and start monitoring your credit card for any suspicious charges.
- PlayStation Network
- Xbox Live
- Hulu Plus
In a effort to be topical, the hackers also put up a link to where people can download a copy of The Interview, for freedom.This holiday season has been a busy one for high-profile cyberattacks. On Christmas Day, a hacker collective called Lizard Squad shut down both Xbox Live and the PlayStation Network, before turning their attention to the online anonymity network Tor.
Update: The story has been updated with information about the Anonymous affiliation of the hackers and about the nature of Anonymous itself. It has also been updated to indicate that not all of the sites themselves have necessarily been compromised; instead, malware installed on the computers of individual users could have been responsible for some of the security breaches.
Photo via edans/Flickr (CC BY 2.0)