14 DAY TRIAL // A hacker known as p0keu who claims to be affiliated with the Antisec movement, has leaked usernames, email addresses and passwords stolen from several seemingly random websites.
During the course of less than a day, p0keu published sensitive information extracted from the databases of five different websites.
The first dump was from the website of a DJing conference called BPM and consisted of 750 usernames and plaintext passwords.
The hacker then exposed several administrative credentials from an online gaming website for young girls.
This was followed by a huge dump of 1,500 usernames, email addresses and hashed passwords from www.tamilcanadian.com, a news site addressed to Tamil speakers living in Canada.
A few hours later, the hacker exposed ten administrative accounts from the Washington County school district website. All of them used the same password.
Around 500 email addresses and access codes in crackable MD5 hash form were leaked from kulturdirekt.se, a website listing cultural events in Stockholm.
The method used to extract the information from these websites has not been revealed, but the most likely candidate is SQL injection. The hacker didn't make his motives clear either and the sites don't seem to have anything in common except from being exploitable.
Considering that the p0keu's Twitter account lists "tr0llc4mp" (troll camp) as location and #tr0ll is mentioned in one of his dumps, the hacker is likely just trying to cause trouble and attract attention to himself.
While reminiscent of LulzSec, this indiscriminate leaking of sensitive information from random websites does not fit the stated goals of the Antisec campaign - to attack corrupt governments and affiliated organizations.
The users of these websites should change their passwords immediately and start using different ones for every website in order to avoid creating a single point of compromise. There are free password managers that integrate well with all browsers and mobile devices and can help users maintain a large number of access codes.