DerpTrolling wants to establish "serious hackers" reputation

Nov 22, 2014 11:50 GMT  ·  By

A hacker group calling itself DerpTrolling has published a list of 5,604 usernames and passwords claiming to belong to active users of the PlayStation Network, 2K and Windows Live gaming services.

The hackers warned that this was only a fragment of the database of credentials allegedly stolen from the computer systems of the aforementioned networks.

Even without this detail, all clients of the three services should change their passwords immediately in order to eliminate any account hijacking risk.

Hackers claim possession of huge list of credentials

In a post on PasteBin, which is currently removed, DerpTrolling said that as far as the gaming industry was concerned, they managed to get their hands on as many as 800,000 log-ins from 2K , 200,000 belonging to Windows Live and 1.7 million log-ins for EA Origins accounts.

Apart from this, the group claimed possession of access information for 3 million Facebook profiles, more than 600,000 Twitter log-ins, some 2 million Comcast credentials, and 1.2 million credentials belonging to the CIA domain.

All summed up, it would make a database with about seven million usernames and passwords.

Probably because of touting possession of such large a number of account details, the online community speculates that the database may be fake.

LastPass took a look at the file containing entries for 2,131 PSN users, 1,473 for Windows Live users and 2,000 for 2K Games users, and determined that this information was valid.

Entries appear in leaks resulting from other hacks

After examining the data, Rik Ferguson, vice-president of research at Trend Micro, told The Guardian that it contained plenty of entries from other breaches.

However, some of credentials seemed to be unique to the database dumped by DerpTrolling; then again, it could be from other hacks that have not been documented by the security company.

The gaming companies allegedly affected by the incident have not released any official statement providing new information.

DerpTrolling has been linked to other incidents in the gaming industry, as it claimed responsibility for the DDoS attack on Blizzard’s servers late last week.

The group said that the current credentials database leak was to establish their reputation as serious hackers in the cyber outlaw community. In support of this, the outfit claimed connections with other hacker groups, such as Anonymous, RedHack, LulzSec, with which they were involved in conducting DDoS attacks against various entities.

A Twitter profile (@GabenTheLord) was used by the hackers for public disclosure of their nefarious online activities; at the moment, the microblogging account is suspended.

Game account log-ins at risk, or not (5 Images)

Hacker group claims huge list of log-in information
DerpTrolling claims having credentials for Windows Live accountsHackers say they have log-ins of PSN users
+2more