Anonymous Compromises Alabama Government Site, Details of 4,000 Bankers Exposed

Anonymous hackers continue Operation Last Resort (OpLastResort). In the latest phase of the campaign, the hacktivists have leaked the details of more than 4,000 bank executives.

It’s interesting that the hackers haven’t used Pastebin or other similar websites to publish the data. Instead, they have hacked the website of the Alabama Criminal Justice Information Center (acjic.alabama.gov) and have posted the information in its “documents” folder under the name “oops-we-did-it-again.”

The file published by Anonymous contains names, titles, email addresses, physical addresses, fax numbers, mobile phone numbers, login IDs, IP addresses, password hashes, and other details. The information appears to belong to presidents, vice presidents, managing officers, CEOs, SVPs, and others.

ZDNet has analyzed the list of names and has learned that most of them show up as current employees on the banks’ websites.

Reddit users have also studied the leaked information.

“OK, I called a few of them. What must be so problematic for the Federal Reserve is not the information so much as this file was stolen from their computers at all. The ramifications of that kind of loss of control is severe,” one user noted.

Others, on the other hand, don’t agree with Anonymous.

“#OpLastResort has shown up out of nowhere to leak the have personal information of a lot of innocent people and should not be regarded as part of 'Anonymous'. There is no reason for what they did and they didn't even attempt to justify or even give meaning to their actions. They are simply destructive,” another user argued.

Operation Last Resort, a campaign that comes in response to the suicide of Aaron Swartz, was initiated around one week ago with a hack which targeted the United States Sentencing Commission (USSC).

Lithuanian Online Game Site Miestukarai Hacked, 24,000 Users Data Leaked

A hacker called AnonVoldemort claims to have gained access to the databases of Miestukarai.lt, a Lithuanian online game that appears to have almost 35,000 players.

In the tweet announcing the hack, AnonVoldemort revealed that he had leaked over 24,000 accounts, both free and premium.

The data has been removed since from Pastebin. It’s possible that the site’s administrators have learned of the leak and have requested Pastebin to remove the information.

However, according to CWN – who had analyzed the leak before it was removed –, usernames, email addresses, IP addresses and hashed passwords were published by the hacker.

If there are any Miestukarai players reading this, I advise them to immediately change their passwords. Not only the ones protecting their game accounts, but all the passwords that are the same with the one leaked by the hacker.

Hackers Steals 36,000 Individual Details from US Army Database

Earlier this month, unknown hackers managed to gain illegal access to the details of around 36,000 individuals who were somehow connected to the US Army command center formerly located at Fort Monmouth.

According to APP, the details of Communications-Electronics Command (CECOM) and Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) personnel were accessed by the hackers.

Nongovernmental personnel and Fort Monmouth visitors are also affected by the breach.

The hack, discovered on December 6, exposed names, dates of birth, social security numbers and salaries, Army representatives said. After the incident, the targeted databases have been taken offline.

CECOM and C4ISR were relocated from Fort Monmouth to Aberdeen Proving Ground back in September 2011.

The affected individuals are being offered one year of free credit monitoring services.

Groupon India Accidentally Published 300,000 Text Password of Users

Groupon subsidiary Sosasta.com accidentally published a database containing the email addresses and clear-text passwords of 300,000 users and the cache was indexed by Google.

The trove of personal data was discovered by Australian security consultant Daniel Grzelak as he plugged a handful of query terms into the search engine, he said Tuesday. He contacted Patrick Gray with security blog Risky Biz, which reported that the SQL database contained the details for 300,000 Sosasta account holders.

A Groupon spokesman confirmed that the digital coupon distributor “was alerted to a security issue” on Thursday night and corrected the problem immediately. The issue was limited to Sosasta, which uses its own servers and network and isn't connected to Groupon's systems in other countries.

“We have begun notifying our subscribers and advising them to change their Sosasta passwords as soon as possible,” the spokesman said in a statement. “We will keep our Indian subscribers fully informed as we learn more.”

At time of writing, there was no advisory on either the Groupon or Sosasta websites, although Sosasta's Facebook page contained a notice that came in the form of a JPG image that couldn't easily be indexed by Google or other search engines. Ah the irony.

According to Risky Biz, Grzelak found the massive cache as he was looking for additions to shouldichangemypassword.com, a side project that indexes email addresses included in more than a dozen high-profile privacy breaches carried out by LulzSec and other hacking groups. The query that hit pay dirt included the terms “filetype:sql” “password” and “gmail.”

“I started scrolling, and scrolling and I couldn't get to the bottom of the file,” Grzelak told Risky Biz. “Then I realised how big it actually was.”

The Groupon statement didn't say why passwords weren't encrypted or why such a sensitive file was publicly available.

The snafu is the latest to expose the folly of using the same password on more than one site, a practice still followed by a shockingly high number of people. If you're one of them, you ought to consider using a password-management program such as Password Safe or KeePass.

The Groupon subsidiary sure isn't the first to carelessly expose data it has promised to keep private, and judging from this Google search, it's probably not the last.