Tally Ho! Another Breach!
May is turning out to be just like March in the realm of high-visibility breaches. There were Epsilon and Ashampoo last month, and this month we've seen the big debacle with Sony, Michael's of Chicago and some "strange network activity" on the servers of LastPass. Well, here's another one: a new hacker group on the scene that goes by the name of LulzSec, or the Lulz Boat, has hacked its way into database servers belonging to the Fox Broadcasting Network. The group has since made public what appears to be about 360 Fox employee email addresses and passwords, claiming they did it "For the lulz! Fox sucks and we like using them as punching bags for our entertainment."
Judging by these passwords and their very poor security practices, there is a strong possibility that a lot of these users are using the same password across multiple sites, which can create some very bad situations for those affected. Hopefully they have changed them by now, and hopefully they'll pick better ones. Out of this list, the password "password" shows up many times. A few people mixed letters and numbers or added a number after a word in all lower case, but no one used a single complex password composed of letters, numbers, symbols, punctuation, and upper and lower case. Granted, it wouldn't have done them much good in this situation, as the database server was hacked, but there could've been a better personal effort made. But I digress.
The group has also released a list of insecure PHP pages belonging to Fox, a list of another 900 employee user names and log-ins which are still hashed, as well as 73,000 2011 X Factor contestant names and contact information on Pirate Bay. The Pirate Bay listing was made last week, so we'll give them a break for the Rebecca Black meme reference (please make it stop), as they posted: "We're LulzSec, a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun. Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year."
I'm guessing we'll be seeing more from these guys soon. Secure your data!