Miscreants are already using the user names and passwords of thousands of people leaked on to the web to break into Facebook and PayPal accounts and one claims to have bought a packet of condoms "for an elderly woman" on the online store Amazon.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The LulzSec hacker group was responsible for the leak of 62,000 email addresses and passwords, which were downloaded a claimed 2100 times in the first 4 minutes after release.
It comes after the same group claimed several high-profile scalps including the CIA, US Senate, an FBI affiliate, Sony and several video games companies. It didn't say where it got the latest dump of details from.
The federal government has this afternoon warned people to use different passwords for each of their online activities after the leaked passwords were used to access an array of online accounts of the affected users, including email, PayPal and Facebook.
Users responding to the leak on Twitter claimed to have used the details to break-in to Facebook accounts and to prank peoples' friends. Some have also claimed to have accessed users' funds on PayPal.
A number of the leaked login details relate to .com.au email addresses and several government departments and councils. These accounts included AusAID, the Victorian Department of Childhood and Early Education, Emergency Services Telecommunications Authority in Victoria and several local councils in NSW and Victoria.
The hackers are able to access multiple accounts using the leaked details as many web users use the same passwords across various sites and services.
LulzSec hosted the text file containing the leaked details on a third-party website, which removed it soon after it was posted. The group then posted it a second time before the site MediaFire pounced again to remove it.
But the removal came too late and the passwords have already spread like wildfire.
"Cheers for the PayPal account with £250 in it!," replied one user to LulzSec's account on Twitter, pressumably referring to being able to access a user's funds using one of the email addresses and passwords of one of the accounts that was leaked.
Another user claimed to have "ordered a large pack of condoms for an elderly woman on Amazon".
Others posted screen shots of them being able to access people's Facebook accounts. One said they broke into a girl's Facebook account and told the girl's boyfriend that they would no longer have sex with them. The boy, according to the person that broke in, said they understood why.
Web users have also claimed to have been able to access the online accounts of a number of other services the leaked accounts have access to, including Xbox Live, Twitter and YouTube.
A spokesman for the attorney-general, Robert McClelland, said the government was aware of the reports of the LulzSec attacks.
‘‘From the information available to date, it appears any breaches are likely to have occurred outside Australia but that the information compromised may pose a potential risk to systems within Australia,’’ the spokesman said.
"CERT Australia is working with relevant agencies to ensure that the owners of Australian networks potentially affected are aware of the issue."
The government said cyber security was a "top national security priority’’ and that it was constantly strengthening measures to protect against threats.
"Reports of incidents such as this highlight the importance of using different passwords for different purposes,’’ the spokesman said.
The government recently published the second edition of its publication Protecting Yourself Online - What Everyone Needs to Know. The document contains tips to improve online security and can be found here.
Normal 0 false false false EN-AU X-NONE X-NONE MicrosoftInternetExplorer4
A spokesman for the attorney-general, Robert McClelland, said the government was aware of the reports of the LulzSec attacks.
‘‘From the information available to date, it appears any breaches are likely to have occurred outside Australia but that the information compromised may pose a potential risk to systems within Australia,’’ the spokesman said.
‘‘CERT Australia is working with relevant agencies to ensure that the owners of Australian networks potentially affected are aware of the issue.’’
The government said cyber security was a ‘‘top national security priority’’ and that it was constantly strengthening measures to protect against threats.
‘‘Reports of incidents such as this highlight the importance of using different passwords for different purposes,’’ the spokesman said.
The government recently published the second edition of its publication Protecting Yourself Online - What Everyone Needs to Know. The document contains tips to improve online security and can be found here.