Old but still Gold, old working leaks from Amazon, Playstation, Xbox speak how much users care about security
December 27, 2014,ย Hackers who claims to be affiliated with the Hacktivists collective “Anonymous” leaked 13,000 user ids and passwords fromย Amazon, PlayStation, Xbox, Twitch, Dell, Walmart, UFC TV, Ubisoft, XBL, few other popular service. ย The said leaks also contained creditย card details including CVVs.
The information was leaked on Ghostbin, and paraphrased with,ย ‘Just for lulz’
A total of approximately 13k accounts. We did for the Lulz. https://t.co/J65y8NLCLV #Anonymous #AntiSec #LulzXmas
— Anonymous (@AnonymousGlobo) December 26, 2014
The Ghostbin paste has since been removed, however our team was able to get a copy of the alleged leak data
At first glance, the leak seems new and seems to have been collected from the above mentioned services and websites, using phishing, social engineering or with similar methods.
Alleged Leak comes from old leaks from 2012 and 2013, experts says
Cyber security experts who previously operated Cyberwarnews has since been working on to find out where the leak comes from.
Here is what they found, aย vast portion of the leak comes from old leaks from 2012 and 2013
@AnonymousGlobo FAKE LEAKS – https://t.co/CnIM8VrxaG https://t.co/YF0FiQdf1i didn't want to do this but eh.. over fake leaks
— CWN (@Cyber_War_News) December 27, 2014
Every lead is important for an investigation, looking at the old leak details provided by the cyberwarnews in the paste and matching it with the recent leaks from AnonymousGlobo comes to be a match.
Old but still Gold
SO since the leak is old, no one has to worry, Right?
Wrong, shocking but its true old data leaksย may lose its importance but not completely. A very small amount of the leaked details from the recent leak, which matches old one, ย is apparently found to be still working.
They may be working asย many users never care about resetting or changing their login credentials following a data breach of a service which they are using. Some do not do it even after the service provider requests them to reset the passwords.
Who is behind these leaks?
The alleged leak was first posted using Anonymous Globo Twitter handle, which has not been used since, however a hacker with a online handle ofย @CyberGhost__ (Hussein Haxor), who claims to be affiliated with AnonymousGlobo took responsibility of the leak, also confirming that it was them who also leaked it back in 2012 and 2013. the leak was not 100% old but few fresh accounts were added to he said replying to Cyberwarnews on twitter.
@troyhunt @Cyber_War_News Just decided to post again but with new data added
โ Hussein (@CyberGhost__) December 27, 2014
@Cyber_War_News @troyhunt accounts pic.twitter.com/08BSDCzYIB โ Hussein (@CyberGhost__) December 27, 2014
Anonymous is a highly decentralized hacktivist collective ย with very less of control over each other and much less co-ordination. ย However, several Anonymous affiliated members said they do not promote activities like these.