Slide Show: 2012 Pastebin Pinups
Some of the most embarrassing dumps of leaked databases, exposed corporate IP and breached customer records in 2012
True, news of the Stratfor breach that exposed 50,000 customer credit cards first broke the day after Christmas last year, but the "lulzy" release of Stratfor's email files made waves on Pastebin starting this January, first with a few embarrassing leaks and then culminating in a dump of 5 million emails from the Stratfor data stores in February.
The pcAnywhere saga started in January when hackers stole source code for the Symantec product and started extorting the company for money with threats of exposing it online. After Symantec turned the case over to police investigators who continued sham negotiations for a while, the hackers eventually unceremoniously exposed the code on Pirate Bay. Eventual analysis lead to a more damaging Pastebin release by security researchers of exploit code for a denial-of-service vulnerability found in the product through the initial exposure.
As if online dating wasn't hard enough. The group LulzSec Reborn rose from the proverbial ashes to unload a Pastebin post that exposed usernames and passwords of nearly 171,000 users of the www.militarysingles.com dating website. Emails breached included domains like @us.army.mil, @carney.navy.mil, and @greatlakes.cnet.navy.mil.
OK, so we admit that this one wasn't initially unleashed via Pastebin. Hackers first exposed account details of 6.5 million LinkedIn users on a Russian cyberlocker site. But after that, researchers and hackers mirrored the goods all over the Internet, including in Pastebin dumps, to embarrassing effect. The analysis of these exposed records showed LinkedIn utilized unsalted SHA1 password hashes.
The hacker collective Team GhostShell made waves in August when it dumped data from what it claimed was a coordinated attack to steal one million records from banks, government agencies and consulting firms.
"Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the group wrote. "It's only the beginning.'
According to analysis by security firm Imperva, at least part of these records were stolen using automated SQL injection attacks fueled by the tool SQLmap.
AntiSec hackers didn't take the summer off. The group stirred the pot of contention with the release of 1 million Apple device ID details, which they claimed was a subset of 12 million they stole from the laptop of an FBI agent. FBI officials said the data didn't come from them and a few days later, a digital publishing firm from Florida called Blue Toad said the files came from their systems.
Just in time for fall matriculation: students, faculty, and staff at 53 different universities around the world were exposed when Team GhostShell in October dumped a file with sensitive details of 120,000 records. Affected universities included notables like Harvard, Stanford, Oxford, Princeton, and Johns Hopkins.
An Egyptian hacker is the latest to gain fame through his Pastebin exhibitionism when just last week he dumped a database of 150,000 email and password combos of Adobe customers and partners associated with the company's Connectusers.com website. Like many stolen caches, the repository was pilfered using tried and true SQL injection techniques.
An Egyptian hacker is the latest to gain fame through his Pastebin exhibitionism when just last week he dumped a database of 150,000 email and password combos of Adobe customers and partners associated with the company's Connectusers.com website. Like many stolen caches, the repository was pilfered using tried and true SQL injection techniques.
An Egyptian hacker is the latest to gain fame through his Pastebin exhibitionism when just last week he dumped a database of 150,000 email and password combos of Adobe customers and partners associated with the company's Connectusers.com website. Like many stolen caches, the repository was pilfered using tried and true SQL injection techniques.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024