1 million accounts leaked in megahack on banks, websites

"Team GhostShell said the online leaks, which are part of its Project Hellfire campaign, were made in protest against banks"<p>Hey there, lady trying to make a car payment! Hey, guy checking his balance before he buys groceries! Your bank's a dick, so we ruined your week. Hope that's okay.

This is the same leak that claimed to have "CIA records", which actually turned out to be from <a href="http://ciaservices.com/" rel="nofollow">http://ciaservices.com/</a> instead of the government agency. There's a lot of hype surrounding this that seems to be total bullshit. The "1 million records/accounts" includes a lot of trivial, non-sensitive information, and the targets are mostly low-value to begin with. Seems like someone just ran a bunch of SQL injection attacks on random vulnerable websites and is trying to pass it off as grandiose political activism.

Semes like a linkbaiting headline (of the original article) once again... Don´t see these "1 MILLION" accounts anywhere an neither the mentioned blog post [1] nor the original announcement at pastebin [2] does mention that. (EDIT: The pastebin statements indeed mentions "one million accounts/records leaked", buy thats not quite the same imho (emphasis on "records").<p>The blog post states explicitly that "a lot of the stolen content did NOT include any sensitive information".<p>[1]<a href="http://blog.imperva.com/2012/08/analyzing-the-team-ghostshell-attacks.html" rel="nofollow">http://blog.imperva.com/2012/08/analyzing-the-team-ghostshel...</a><p>[2]<a href="http://pastebin.com/BuabHTvr" rel="nofollow">http://pastebin.com/BuabHTvr</a>

A small-ish blog post by Imperva security discussing the leak: <a href="http://blog.imperva.com/2012/08/analyzing-the-team-ghostshell-attacks.html" rel="nofollow">http://blog.imperva.com/2012/08/analyzing-the-team-ghostshel...</a>

Even if the original article capitalized the "million", it's good practice here to convert to regular capitalization when submitting. It just reeks of loudmouthed sensationalism and linkbaiting. I refuse to clickthrough on such submissions.

What's megahack? Is it run by Kim Dotcom?

I wrote a simple python script to download all the content. Hope to do some analysis on it offline. Please don't mind the newbie coding skills :). I put the script on github at <a href="https://github.com/kudithipudi/Misc-Scripts/blob/master/parseHellfire.py" rel="nofollow">https://github.com/kudithipudi/Misc-Scripts/blob/master/pars...</a>

News stories like this are sometimes hyped but it's better to be safe than sorry.<p>I wonder if writing sky-is-falling style articles resonates more with people who would otherwise not treat their own online privacy/security as something to take seriously.

Ahhhh, we've come full circle. Back from the days when script kiddies would DoS a site or 'crack' a telnet password, then deface and claim they have street cred.<p>I would love to find someone who has actual street cred and had their account information released by these chuckleheads, and put them in a room together.<p>This isn't about politics. I doubt these losers even know anything about the companies they attacked. Fucking douchebags.<p>However, I should also blame the companies involved here. If they can afford $1000 for some kind of web app firewall they probably could have detected sqlmap raping their site with faulty queries.

Posted a couple days ago <a href="http://news.ycombinator.com/item?id=4435348" rel="nofollow">http://news.ycombinator.com/item?id=4435348</a> not much discussion though.

&#62; An analysis of the hacks by security biz Imperva reveals that most of the breaches were pulled off using SQL injection attacks.<p>Client-side encryption, even in JS, would have prevented this, it seems.