Hackers publish stolen PayPal login credentials
Posted on 28 June 2011.
LulzSec has been assimilated back into Anonymous, but their AntiSec campaign keeps going.

It seems that their final wish has been granted for now, and other hacking groups continued the work they have started.

If you take a look at the AnonymousIRC Twitter feed, you can see a number of links offering data dumps from Anguilla, Brazil, Zimbabwe and Australian government servers and a couple of links to "wild leaks". Among all of them is a link to Pastebin posts containing more than 150 MySpace and fifty PayPal login credentials.

SC Magazine Australia reports that they have contacted the group behind those data dumps and that they claim they have harvested that information by sniffing it out from insecure wireless networks set up in US restaurants and stores.

The group calls itself D3V29, and they say that they manage to do this by using a sniffer software they built themselves. But Lucian Constantin points out that it is doubtful they gathered the credentials in this way - especially when it comes to PayPal credentials.

"There is one problem with this theory though ó PayPal uses HTTPS for login, and so do most modern websites. This ensures that passwords are not transmitted in plaintext form," he says. "It is more likely that these hackers used phishing or a trojan to steal the login credentials than a WiFi-based attack."

The group has confirmed that their action was a way to join the Operation AntiSec. In the meantime, their Twitter feed has been downed and they have been asking for Bitcoin donations. Somehow it doesn't strike me as an auspicious beginning.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th