LulzSec's final file dump includes Battlefield Heroes info

The hacker group LulzSec may have decided to stop their massive hacking campaign this weekend but that doesn't mean that the group didn't want to stage one final big release of data that it has gathered from previous hack attacks. In its last hurrah, LulzSec released a data torrent via the Pirate Bay web site that has info from a number of sources. As reported on the Rock Paper Shotgun web site, the biggest file comes from Electronic Arts' free-to-play shooter Battlefield Heroes. The file download contains personal info for 550,000 users of that game.

Of course this is not the first time that LulzlSec has gone after a gaming related web site or service. It also went after the Minecraft site, shut down the MMO EVE Online for a time, and even attacked the US online servers for Nintendo, among many other attacks in the past 50 days.

The data dump also has info for 200,000 users of the Hackforums.com web site and personal info from 50,000 people who have posted on various gaming forums. There was also some internal data released that came from AT&T and AOL as well as info from 12,000 members of the NATO Bookshop web site.

As we have previously reported, LulzSec has said that it is retiring its hacking campaign today. The message said that the group is a big supporter of the AntiSec (anti-security) movement and added, "The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve."

Report a problem with article
Previous Story

Neowin Guide: Avoiding Adware in Installers

Next Story

AMD and Nvidia depart SySMark PC benchmark group

17 Comments

Commenting is disabled on this article.

I've changed some passwords after this release since I was a battlefield heroes user. Better safe then sorry.

I, for example, see one point in it: why the fkc so many companies need my details? I believe 50% of those should store nothing or hardly anything more than an email and password (hash+salt+pepper ^_^).
Unfortunately the scope of damage wasn't big enough to make some major changes in data retention policies ...

SHADOW-XIII said,
Unfortunately the scope of damage wasn't big enough to make some major changes in data retention policies ...

And the only people to suffer from any of this are the normal people.

thornz0 said,

And the only people to suffer from any of this are the normal people.

Yeah because Sony didn't lose anything in all of this..

LordBattleBeard said,
Yeah because Sony didn't lose anything in all of this..

Some cash?? ZOMG. Sounds like with all the free stuff they were giving out their online numbers are as good as ever. The only people to actually suffer are >us<

They will have backsides like clowns' pockets when they finally get out of jail. Really hope they get caught.

I do wonder why they decided to stop. I wouldn't be surprised if they do carry on, publicly or not.
I know I'll probably be hated on for this comment but its just my opinion;

I know that morally what they have been doing is wrong and they didn't go about what they did in a very sensible way, but it goes to show how irresponsible some companies can be with security, especially when dealing with customers private info. If nothing else comes of the events of recent weeks, I would hope it a big wake up call to such companies to sort themselves out and protect our data better. The fact that they were publicly broadcasting their "attacks" almost made me feel some kind of comfort that they hadn't yet hit a company where I have info held. The worry is, there are probably groups/individuals out there performing similar acts but as they are not announcing it to the world, we are none the wiser until it is too late.

This is not a pro LulzSec post nor an anti LulzSec post. I believe what they did needed to be done, and is long overdue, to show people how vulnerable our data can be online and to push companies to better secure our data. Whether they went about doing it the right way is another matter.

Jonny Wright said,
I do wonder why they decided to stop. I wouldn't be surprised if they do carry on, publicly or not.
I know I'll probably be hated on for this comment but its just my opinion;

I know that morally what they have been doing is wrong and they didn't go about what they did in a very sensible way, but it goes to show how irresponsible some companies can be with security, especially when dealing with customers private info. If nothing else comes of the events of recent weeks, I would hope it a big wake up call to such companies to sort themselves out and protect our data better. The fact that they were publicly broadcasting their "attacks" almost made me feel some kind of comfort that they hadn't yet hit a company where I have info held. The worry is, there are probably groups/individuals out there performing similar acts but as they are not announcing it to the world, we are none the wiser until it is too late.

This is not a pro LulzSec post nor an anti LulzSec post. I believe what they did needed to be done, and is long overdue, to show people how vulnerable our data can be online and to push companies to better secure our data. Whether they went about doing it the right way is another matter.

Juniper networks recently did a survey and it showed that 90% (583 in total replied) of the companies said they have been hacked in the last year. With Juniper supplying some of the biggest names on the net, just how many sites get hacke and swept under the carpet without users knowing their data has been comprimised? With 41% of the hacked companies losing more then $500,000 usd, we're not talking about small time setups here.

"Insufficient budgets are an issue for many organizations in our study. Fifty-two percent of respondents say 10 percent or less of their IT budget is dedicated to security alone."

"In the next 12 to 18 months, 47 percent say their organizations will spend the most IT security dollars on network security." - 41% lose over 500,000, are these the only ones that invest in security after the event?

It just goes to show, companies we entrust just don't really care about anything other then profit.

http://www.juniper.net/us/en/l...ptions-network-security.pdf

ARGH ... the whole point is, they're hated by people for leaking personal info ... no one gives a crap that they expose security holes. These morons have zero common sense. Jesus, they could set up a VERY successful company and get paid to hack into servers and find security holes and advise. Instead, they act like idiots and leak innocent people's data. Dragging others into their childish games is pathetic. I'm laughing because they WILL be caught, and they only disbanded because they know it.

Spirit Dave said,
...they could set up a VERY successful company and get paid to hack into servers and find security holes and advise.

Yeah, maybe... just maybe they are already part of a successful white hack company but with business going slow right now, they've decided to drum up some interest.

With such simple hacks in some of the biggest company and government sites, you'd have at least thought they'd have hired white hackers to check out their site before rogue hackers like lulzsec got to them.

So, who is actually at fault here?
The hackers, that are lulzsec, for hacking common and well used sites via trivial security holes that should and could have been prevented, ie SQL injections and encryption. OR us, the public, for putting our trust into companies that we expect to keep our data secure?

sagum said,

So, who is actually at fault here?
The hackers, that are lulzsec, for hacking common and well used sites via trivial security holes that should and could have been prevented, ie SQL injections and encryption. OR us, the public, for putting our trust into companies that we expect to keep our data secure?

Clearly this group are at fault. We aren't educated as a public enough to know if we should put our trust in major companies. You'd expect the law to cover you. Fact is, regardless of that, putting these details out there is dangerous and completely irresponsible of this group. I can't even say their name because it's so embarrassingly 1990's. They're lacking serious amounts of common sense and it's horrendous that they sleep at night. Personally, I love that they expose security flaws. But posting the info online for anyone to see? That's evil.