The list is mostly American accounts but includes hundreds of Canadians, including a CBC journalist from Prince Edward Island, and employees of all three levels of government, including provincial public servants in Alberta, Nova Scotia, and Prince Edward Island and at least one municipal worker in Whitehorse.
Other countries whose citizens were hacked include the United Kingdom, Australia, New Zealand and Brazil.
On its Twitter account, LulzSec said it uploaded the file to a file-sharing site Thursday morning. The site took it down, but it was uploaded again Thursday evening and taken down once more. LulzSec reported thousands of downloads before it was removed.
The group's Twitter feed contains bragging from people who claim to have taken the information and logged on to people's personal sites: taking money from PayPal accounts, replacing dating site profile pictures with pornographic images, and engaging in chats using other people's Facebook accounts.
"Envelope yourself in the sickening realization that you secretly love f--king someone's Facebook life beyond repair," says one tweet from LulzSec.
People concerned that they may be on the list can protect themselves by changing their passwords, provided no one else has already done that using their log-in information. Dazzlepod.com has published a list of emails hacked by LulzSec so people can check if their accounts are at risk.
Lulz Security, also known as LulzSec, was also in the news this week after claiming it had attacked the websites of the CIA and the U.S. Senate. It had previously taken credit for hacking into the systems of Sony and Nintendo and for posting a fake story about dead rapper Tupac Shakur on the PBS website after the public television broadcaster aired a documentary seen as critical of WikiLeaks founder Julian Assange.
Responding to the news Friday, PayPal Canada stressed through a spokesman that its site security has in no way been breached. "The hacker acquired usernames and passwords via another, less secure site, and is encouraging criminals to try the username/password combinations on PayPal.com.
"These usernames and passwords are not necessarily associated with PayPal, but if people have used the same usernames/passwords for multiple sites, including PayPal, then their accounts could be accessed by another person."
The spokesman added that PayPal monitors accounts for unusual activity patterns and will contact customers if wrongdoing is suspected.
No hay comentarios:
Publicar un comentario