14 DAY TRIAL // The notorious LulzSec hacking outfit has leaked over 26,000 email addresses and plain text passwords stolen from the database of an adult website.
After dumping the data online, the group encouraged people to try the login credentials on Facebook and tell the victims' family members how they signed up for the adult site.
The reason? Just for fun. "Watch the hilarity. Tell us about it on twitter!" the hackers wrote in their announcement.
Fortunately, word of the potential abuse quickly reached Facebook's security team which forced password resets for all accounts corresponding to those email addresses.
This impressed LulzSec members, but also gave them new ideas for future attacks. "Props to Facebook security for locking all emails located on our list so fast. That's the kind of security that earns a tip of our hat," the hackers wrote.
"Hmm... so Facebook automatically locks every email on our list... exploitable. >:] Until next time, Facebook. Bwahahaha," they later tweeted.
LulzSec pointed out that there were a number of .gov and .mil email addresses registered on the compromised site, as well as some 55 accounts belonging to admins of other adult portals.
The group didn't stop with this leak. It also published the personal information (dox) of executive officers and other employees from vulnerability research company Endgame Systems and anti-DDoS solutions provider Prolexic Technologies.
The dox didn't only include information about these individuals themselves, but also their spouses, children and other family members, and their respective social media accounts.
Endgame Systems is a company set up by former ISS and CIA executives with the purpose of selling offensive security solutions and zero-day vulnerability information. The HBGary Federal email leak from earlier this year revealed that the company and its management make significant efforts to keep a low profile.
Meanwhile, Prolexic Technologies has made a selling point from the DDoS attacks orchestrated by Anonymous. In 2010 the company helped firms considered by the hacktivist group as WikiLeaks enemies to protect themselves.