14 DAY TRIAL // Hackers affiliated with Anonymous' Operation Antisec have hacked into the website of BPM, a large conference dedicated to DJing and the production of electronic music.
BPM takes place every year in Birmingham, UK, and it is attended by DJs, producers, performers, promoters, venue owners/managers, equipment retailers/installers, record label representatives, students and other music enthusiasts.
A hacker calling himself p0keu claims to have hacked the event's website, visitbpm.co.uk, and extracted the entire user database.
He then leaked a list of over 750 usernames, email addresses and plaintext passwords on pastebin.
Even though the hacker mentions Antisec in his release, it's not clear how this leak fits the campaign goals.
Operation Anti-Security (Antisec) was launched by the notorious hacking outfit LulzSec before it disbanded at the end of last month.
The campaign was supposed to target corrupt governments and called for hacking attacks against official agencies and organizations tied to them.
It doesn't appear that BPM has any direct connection to government business which suggests that hackers are back at targeting websites at random.
All users who had an account on visitbpm.co.uk are advised to change their password immediately on all websites where they might have used it.
Recent leaks are proof that password reuse is still a major problem that can lead to serious consequences. People might not care much about their account on an event website, but if they also used the same password for their email or PayPal, they face serious risks.
The storage of passwords in plain text also appears to be a widespread problem, despite password hashing being a standard in web development for a decade now. BPM was established in 2007, so its webmasters have no excuse for storing passwords in this insecure manner.