After high profile takedowns of PBS and Sony, the anarchic hacker group LulzSec now seems determined to maximize its exploits’ embarrassment factor.
On Friday afternoon the group announced that it had stolen and posted administrative emails and passwords for 55 porn sites, along with another 26,000 emails and passwords for users of the sex site Pron.com.
“Hi! We like porn (sometimes), so these are email/password combinations from pron.com which we plundered for the lulz,” reads a statement posted to the group’s website Lulzsecurity.com.
Those email addresses can’t be used to access users’ accounts on Pron.com without an additional username. But the posted data violates those users’ privacy on a more basic level, exposing them as visitors to the highly not-safe-for-work site. The group took special pleasure in pointing out that six of those users had signed up for the site using their government or military .gov and .mil email accounts.
LulzSec, a which has ties to the hacker collective Anonymous, has become one of the least predictable forces in the world of cybersecurity since it emerged just two weeks ago. After defacing the website of PBS and exposing many of its employees’ personal information in retaliation for a negative documentary program on WikiLeaks, it proceeded to target Sony, compromising one million passwords and leaking the source code for the Sony Computer Entertainment Developer Network.
In just the last 24 hours, LulzSec seemed to temporarily adopt more “whitehat” hacker practices, notifying the British National Health Service to password vulnerabilities on its network and taking down a Muslim extremist website. But the latest porn hack shows just how wildly the group is varying its targets. “We have no direct plans for targets today, but we’ll think of something,” LulzSec wrote on its Twitter feed just hours earlier. “Improvisation is a required Lulz Boat skill!”
Saw some of the passwords by accident (being serious) and my god are they ridiculous. So simple. Not sure how this was done though.