After the FBI captured Sabu, LulzSec’s leading hacker, and other key members of both LulzSec and hacker activist group Anonymous, it seemed that LulzSec was all but forgotten. However, a new group has emerged and seems to be picking up where LulzSec left off. This new group goes by the name LulzSec Reborn, and they have made an announcement this week that they were able to hack a military dating website and released usernames and passwords for 170,937 subscribers.
LulzSec Reborn made this announcement on Sunday via the Pastebin post, stating: “The website http://www.militarysingles.com/ was recently closed day ago or so, so we dumped email db. There are emails such as @us.army.mil; @carney.navy.mil; @greatlakes.cnet.navy.mil; @microsoft.com; etc.” The group then released a 13-MB file that contained stolen user data.
Meanwhile, a Tuesday tweet from Operation Digiturk, the Turkish offshoot of Anonymous, who had originally made the announcement for of the hack promised that more operations like this would still be coming. “You will see the full database of military singles which includes priv messages etc soon :).”
According to the MilitarySingles website, they describe themselves as “an online dating service created to provide soldiers a means to find a match with someone who is interested in the military lifestyle,” as well as “a great way for any civilian to find the soldier of their dreams.” But according toDataBreaches.net, instead of members’ images displaying on the website Monday, there was instead this text: “Error: Slideshow data cannot load due to security issue.” By Tuesday, however, the site’s images appeared to once again be working.
In a comment posted to DataBreaches.net Sunday, the administrator for ESingles–the company that runs MilitarySingles–disputed that the site had been hacked. “We at ESingles Inc. are aware of the claim that someone has hacked MilitarySingles.com and are currently investigating the situation. At this time there is no actual evidence that MilitarySingles.com was hacked and it is possible that the Tweet from Operation Digiturk is simply a false claim. We do however take the security and privacy of our members very seriously and will therefore treat this claim as if it were real and proceed with the required security steps in order to ensure the website and its database is secure.”
But in response to that comment, a post from DataBreaches.net read, “I compared the database in the .rar file to the ‘online members’ pictured on your home page and the entries in the data dump correspond to those usernames.”
Likewise, LulzSec Reborn tweeted Monday: “Stupid Administrator ‘There is no evidence militarysingles is hacked’ Well guess what?” and linked to a page on the MilitarySingles.com website which read: “lulz is sb.”
Accordingly, any users of the dating site should expect to see their username and password choices leaked online. “If you know anyone who has ever used the Military Singles website, it would be a good idea to tell them to change their password as a precaution–and to ensure that they are not using the same password anywhere else,” said Graham Cluley, senior technology consultant at Sophos, in a blog post.
The dating website hack was the first data release associated with LulzSec Reborn, which announced its return, or at least reboot, last week via YouTube. “You haven’t stopped us, you have merely disrupted the active faction,” said the video, which didn’t yet sport the “LulzSec Reborn” name.