LulzSec Over, Release Battlefield Heroes Data

So hopefully this is the last lot.

LulzSec, the hacker group who have claimed responsibility for many of the high profile attacks on gaming companies, publishers, and even the CIA, have declared their work is done, their time is up, and they’re off. Apparently it was always intended to be a 50 day voyage aboard their Lulzboat, and it has come to an end. They believe they have revitalised the Antisec Movement, and entertained themselves along the way. Which they claim, albeit in hindsight, was always their goal. But whatever their reasons, their goodbye comes with perhaps their biggest release of data yet. It’s going to be messy. This one contains 550,000 Battlefield Heroes Beta users’ details, and the details of 50,000 users from “random gaming forums”.

You can see the full list of what’s released in this farewell below, but the ones to worry about are if you’re registered on the Battlefield Heroes beta, registered to, or one of the 50,000 who have been picked up from whichever gaming forums they went after. If you’re worried, just reset your passwords immediately, and if you’ve been so daft as to use the same password elsewhere, for goodness sake go change them anywhere important.

The claim of always being motivated by AntiSec and with a 50 day plan seems a little dubious, since they gave no hints that their reign of error would be so finite. Rather the loudest aspect of their legacy became DDOS attacks on various minor and major sites, which led to a lot of other groups questioning their abilities. The response of releasing 62,000 unsourced email addresses and their accompanying passwords was certainly an evocative one. While clearly adept – they’ve released internal data from Sony, Arizona government, Nintendo, and so on – the reputation was muddied by taking down easy targets such as indie developers, such as Mojang’s Minecraft. It’s arguable that their full list of releases will not be what they’re remembered for.

However, what they certainly managed to do was create lulz for themselves along the way. Which is of course the same as saying they succeeded in upsetting and pissing off a huge number of people over the last month and a half. And while it’s tempting to categorise them as either griefer anarchists, or amoral crusaders, they fell neatly into neither camp. Instead their actions were more true to the lulz-seekers than most analysts and victims ever get to grips with. They just entertained themselves, whether that was by upsetting a group of gamers on a forum, or by making political statements. Not a form of entertainment the majority can identify with, or perhaps even understand, but one that meant no fixed ideology was driving them beyond seeing what was next.

There is a hint of purpose in their closing statements – one I suspect they’d not have been able to claim as their eventual goal when they started, but who knows,

“Behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”

Understanding AntiSec can be about as confusing as getting your head around the mindset of the hackers. It is, essentially, the campaign to prevent the publication of security vulnerabilities online. It may seem a strange position, but it is the belief of this movement that such vulnerabilities are made public by those who profit from preventing the attacks. Anti-virus and internet security firms, they claim, ensure the spread of such internet weaknesses via “full-disclosure”, which then allows anyone to exploit them, and thus give greater cause for people to pay for the services of those who can stop them. And their solution? Mayhem. They believe that by raising hell, and seeking to destroy those who partake, they can force a change in the way the industry works. Whether conspiracy theory, excuse for pissing people off, or noble cause, it’s this that LulzSec claim to have been raising awareness for.

It’s hard to see quite how their targets match those of the AntiSec plan. Rather than going for those who publish exploits, they went for anyone who annoyed them. It’s certainly arguable – and they themselves occasionally alluded toward it – that taking down gaming sites makes it very clear how poorly protected the majority of online services are. While it may make no sense to many why it is worth publishing Bethesda’s internal documents, or the user database of, it certainly has made a huge audience of people aware that their personal information is not secure. I know I’ve realised I should strengthen a couple of passwords here and there.

Of course, one could equally argue that raising awareness of the vulnerability of online information has quite the opposite effect of the AntiSec agenda, making people more fearful of security, and more likely to go to the firms who claim they can improve it. And when LulzSec’s first famous attack (although their fifth release) was the defacement of the PBS website, after LulzSec suggested they were annoyed by the American publicly funded station’s report on the Wikileaks saga, it’s hard to follow any logical trend regarding these latterly claimed motivations.

Their final statement comes with a final release, and it’s not a happy one for many. It contains the following:

booty/AOL internal data.txt 63.6 KiB
booty/AT&T internal data.rar 314.59 MiB
booty/Battlefield Heroes Beta (550k users).csv 24.67 MiB
booty/FBI being silly.txt 3.82 KiB
booty/ (200k users).sql 111.2 MiB
booty/ (12k users).csv 941.8 KiB
booty/Office networks of corporations.txt 3.87 KiB
booty/Private Investigator Emails.txt 2.52 KiB
booty/Random gaming forums (50k users).txt 6.08 MiB
booty/Silly routers.txt 67.7 KiB
booty/ owned.png

Clearly AT&T and AOL are going to be spitting. I’m guessing that the Private Investigator firm they’ve released all the usernames and passwords for is one that was going after them. There’s a dig at the FBI, a worrying list of vulnerable routers with unset passwords, and goodness knows what NATO Bookshop did to have them release twelve thousand user details. (The NATO Bookshop site currently redirects to the NATO front page.)

But users of Battlefield Heroes and literally hundreds of thousands of other forum users are now in danger of having other accounts using the same or similar passwords hacked. Which is utterly horrible for them. It’s the point at which LulzSec lose any understanding.

It’s such a confused collection, at once in tune with AntiSec, exposing Hackforums, etc, and then at the same time letting people know what’s vulnerable out there, and encouraging others to attempt to hack people’s various accounts. But then I’m making the same mistake I explained above – trying to fathom it, when their central purpose is lulz.

But with that, they claim, they’re done. Lots of people hurt along the way. Lots of companies aware quite how vulnerable they are. Lots others frantically trying to fix their own weaknesses. Some entertained by it all. So very many people are devastated by their personal details being exposed for no understandable reason. The mistake almost everyone from every category makes is trying to explain it.

Here’s their closing statement – and no matter what you may think of them, their actions, or the consequences of their actions, those hackers can write.

Friends around the globe,

We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow…

Lulz Security – our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe


  1. treat says:

    When they release innocent peoples information, every philosophy they held to justify their actions goes out the window. It’s the same as protesting violence with violence. This isn’t “hacktivism,” in any sense, it’s nothing but criminal actions without reason–rebellion without a cause.

    • skinlo says:

      Their purpose is for the lulz. That is their cause.

    • skurmedel says:

      Well their cause is shit.

    • kregg says:

      It’s guys like them why I hate humanity as a whole.

      Bunch of jerks.

    • Bilbo says:

      They were referring to it as “Ethical Hacking” at one stage – that’s like saying mugging people is Ethical Street Crime. They were using the term on Newsnight last night, it was really fucking irritating

    • Commisar says:

      well, tomorrow, so hacker group that aren’t a bunch of children are going to release lulzec member info all over teh interwebs as seen here link to

    • Corrupt_Tiki says:

      @ Commisar


    • Jerricho says:

      This is why we can’t have nice things!

    • Ravenger says:

      It’s as though someone saw you’d left your wallet where someone could steal it and instead of telling you personally they stole the wallet and posted all your credit card, drivers licence and other personal details over the web – just to teach you a lesson about keeping your wallet secure.

    • McDan says:

      It’s an alright piece of writing, but then again it comes after they’ve apparently finished. So they could had just made anything up in hindsight and said it was their goal when really they’re just immature dicks.

    • Alexander Norris says:

      @Bilbo: what? Lulzsec certainly weren’t ethical hackers, but ethical hacking is not some kind of oxymoron.

    • Bilbo says:

      I meant in the case of lulzsec using the word.

    • SaVi says:

      Hm, What should I do if I find out that one or more of the lulsec guys lives near me after their info gets out? I am somewhere between suing them or taking my good friend “aluminium-bat” and go reform a few shins.

    • Mattressi says:

      As long as it’s for the lulz, SaVi.

    • OctaneHugo says:

      I like that idea SaVi, but I think I’ll go with my pal “hockey stick”.

    • nafe says:


      You might say that lulzsec put us all in the…. DANGER ZONE!

    • icupnimpn2 says:

      It’s more like someone pick-pocketed you, disseminated all of the contents of the wallet, then claimed they were doing it to teach manufacturers of wallet chains not to try to keep wallets in pants.

  2. Mike says:

    Ah. Something finally scared them off then, eh?

    • Hoaxfish says:

      that guy being arrested is just coincidence

    • Kadayi says:

      Probably because TheJester was gunning for them, and was intending to fully expose them.

    • Froibo says:

      Pretty funny just yesterday they wrote this on their pastebin in response to The Jester sizing up their server.

      “We’ll not brag too much of our accomplishments, as they speak for themselves on our releases page. 2 months of mayhem with more to come – we declared war on the police and hundreds of internal police documents are released in the same week. ‘Nuff said.”

      Kind of funny to write this and call it quits the next day, someone was getting close to them.

    • Vandalbarg says:

      Yup link to Turns out they pissed off the wrong group of people there.

    • TillEulenspiegel says:

      People are saying that information is from HBGary, which makes it highly dubious. There’s precious little evidence, just gratuitous personal information about arbitrary people. Claims of “back hacking” are more amusing than credible.

      Wouldn’t put it past LulzSec members to assume the IRC handles of people they don’t like, either.

  3. Bhazor says:

    “And while it’s tempting to categorise them as either griefer anarchists, or amoral crusaders, they fell neatly into neither camp.”

    Well lets split the difference and just call them wankers.

  4. 8-bit says:

    thats a nice bit of spin there but at the end of the day these guys just pissed off the wrong people. there is no mask to hide behind now and they think that by crawling back to anonymous they will find protection, not bloody likely imo.

    • tanith says:

      What the hell are you talking about?

    • 8-bit says:

      Spin, you know the same thing politicians do when they want to try and convince people the ship isn’t sinking. Several of them have had their real names publicly revealed, they have been under attack from much better hacking groups than they are, and one of them has been arrested. This isn’t a statement of triumph, its them running away with their tails between their legs, presumably to hide behind anonymous which is where they came from in the first place.

    • DJ Phantoon says:

      How does one “hide behind” Anonymous? That’s like saying you’re going to “hide behind” trees. Saying that you can hide in a completely disorganized group is just plain silly. Ever visited 4chan? Then you’re a part of anonymous, if you ever went back. Surprise!

    • 8-bit says:

      ever visit 4chan? yes I have, once. have you ever done five minutes research on anonymous? apparently not seeing as you don’t seem to know that the ones who actually participate in the group activities are a lot more organized than they once were. the group has a structure and if need be, leadership to take control of a situation. visiting 4chan doesn’t make anyone a part of anonymous, thats like saying posting on any site that doesn’t use real names makes you part of the group, it just doesn’t work like that anymore.

  5. Tycow says:

    Do we think this has anything to do with this?
    link to

    • Kadayi says:

      Most likely.

    • Wulf says:

      Heh heh heh. Good job, TeaMp0isoN. I suppose that’s what you get for pissing off people who can actually hack. I kept saying how annoyed I was that LulzSec was being bundled in as a hacker group, and… apparently I was not alone in feeling that way.

    • Commisar says:

      oh yes, I MUST SEE PICTURES/ ADDRESSES OF THESE PEOPLE /searches for bus pass and baseball bat

    • Coins says:

      At least Lulzsec can write properly. I mean, if you take the trouble to hacking something, at least bother to have a proper speech ready.

  6. kwyjibo says:

    Yeah, I’m sure their 50 days were planned. Probably planned last night when they thought people were getting too close. I guess they’re happy being a footnote.

    It was just a worthless campaign. They’d have been funnier if they had class.

    • 0p8 says:

      well thats just not true.
      im not supporting what they did but the end result has meant a LOT of ppl have strengthened passwords (me included) and quite a few companies have probably tightened security…so what they did was annoying to some……but not entirely worthless on the whole.

    • Wulf says:

      Like I pointed out before, there are ways to do this which aren’t so outright malicious. I’m not speaking of myself here because I tend to use a variety of passwords these days based on a central cipher, only not bothering to do that with sites I don’t deem that level of security necessary for. But let’s say that some computer neophyte, not of the UK, and not covered by the NHS, is using their pay party to play games to keep them sane, and partly to buy drugs to keep them alive.

      Now, let’s say that via their gaming, their details were leaked, and their bank account was raped. What then? That’s clearly a malicious act for which LulzSec is viable, and if TeaMp0isoN do leak their details (as I really hope they will), then all the members of LulzSec are going to be looking at prison time, and nothing light, either. Again, only if someone actually dies from this… but I’ve been following the Twitter and you would not believe how many unconscionable kids have been just using that data to steal PayPal accounts and the like, so that they can buy stuff with the money of others.

      It might not be annoying to some, to someone it could be a life, and then… that’s when things get interesting. See, that’s where LulzSec fuck it up for all of us. Let’s say someone does pop their clogs under my hypothetical scenario, it gives politicians and the media a martyr to play with, and that’s far more potent of a thing than the wounded ego/wallet of a multinational corporation. Most people can’t relate to multinationals, but most people can relate to ‘cyberterrorism lead to the death of so-and-so.’ And that’s when tighter Internet regulations start looking reasonable.

      In the end, if we do see a worst case scenario, the ‘lulz’ will be on all of us.

    • Kent says:

      How is strengthening passwords good? It’s annoying enough that you gotta have register on pretty much any site you visit these days: That’s what is compromising our security.

      If it wasn’t for people like them we wouldn’t need to strengthen our passwords in the first place.

    • gwathdring says:

      I’m with kent. Also, when people lose money and become the targets of massive torrents of spam … you aren’t improving their quality of life by causing them to boost their password in fear.

      If Lulsec had gotten into a ton of paypal accounts and stolen a bunch of money, would you say they were helping people strengthen their passwords? Terrorizing people isn’t helpful simply because it makes them bar their doors.

      I really hope you re-examine that sentiment. It is a very dangerous, very insensitive stance to take. Similar ideas have caused a lot of trouble for innocent people when thought sincerely and a hell of a lot more trouble when hidden behind by worse people than misguided philosophers.

    • 0p8 says:

      by “strengthening passwords”, i also mean not using the same password for lots of accounts. (which is the main lesson i think has been learned by a lot of ppl).

    • gwathdring says:

      But how is that helpful? It’s only helpful because bastards like these try to hack into people’s accounts. In a more secure Internet, one password would be sufficient. They aren’t helping people differentiate their password. These people are the REASON it’s a good idea to differentiate passwords.

      There’s a fundamental difference between those two ideas.

    • Rich says:

      I had a perfectly convenient password for my Battlenet account, then I got an email saying someone had changed it. Now I have to keep some stupid code dispensing app on my phone which I have to run every time I want to play a Blizzard game.

      The way I see it, this is a consequence of two things:
      1. Blizzard has become so mad about piracy that they insist on linking all of your games to one account. Lose that account and you’re stuffed.
      2. Because of 1 there are bastards out there who will try to get hold of your account and steal all your games and buy stuff in your name.

      Without 1, 2 wouldn’t matter. Without 2, everyone would be a lot happier.

    • kwyjibo says:

      No, the campaign was worthless because it was low hanging fruit. Yeah, the sites hit will upgrade their wordpress overall or whatever to the latest version. But that’s fucking nothing. Hundreds of thousands of sites out there will not do anything about it, that low hanging fruit will still exist.

      Sites will continue to be archived and their security won’t be patched. No one gives a shit about a defunct games forum.

      If we look at a hack with some real worth, like stuxnet, the gulf is enormous. That’s because the Israelis are professionals and lulzsec just used off the shelf tools. Compare this with the Heartland payments breach, or even the recent psn outage, and you’ll realise that these guys have taught us nothing.

    • jalf says:

      If it wasn’t for people like them we wouldn’t need to strengthen our passwords in the first place.

      Yes indeed. But, and I realize this may shake the foundations of your entire world-view, people like tehm exist *outside* LulzSec too.

      In other words, the main effect they had was to show everyone that hacking is largely as simple as picking a website. A group of attention-starved kids with no special hacking expertise can do it, at a rate of a site every couple of days.

      And that would still be true if that group had never chosen to hack a single website. The difference is that now most people are painfully aware of this fact.

      A month or two ago, most people lived in a delusion that hacking happens to other people, that you have to be a skilled hacker to breach a a website, and that even then, it only happens to unusually sloppy and insecure sites.

      They’ve shown that this isn’t quite true.All it takes is a group of bored kids, and your account info on some reasonably popular and “reputable” websites is public knowledge.

      It seriously baffles me to read people say what basically boils down to “everything was better before LulzSec”. No, it wasn’t, you just didn’t *know* that any bored hobo with a PC could get your password within a day or two. I know they say ignorance is bliss, but really…

      Nothing has changed, except we’ve been given a little display of just how many sites can be hacked in a matter of days.

      That doesn’t mean we should “thank them”, or that they’re “good guys” or anything like that. They’re not, and we shouldn’t.But at the end of the day, we got a wake-up call from a group of bored kids who wanted attention, which is a lot better than if it’d happened from someone who actually wanted to exploit this information to cause damage on a larger scale.

    • I definately could of been a rouge villian but than I could care less. says:

      Thank you so much.Finally, someone with some common sense. I can’t believe what I’m reading here. I’m almost speechless. Whiners and name-calling sheeps, most of them. These guys are showing us that the internet is not SECURE and all I read is people whining about how it was all better “before”?
      Excuse me? Oh, they hacked Minecraft so they MUST be evil,you say? Minecraft didn’t deserve this you say? Well, that’s just too bad,you see, because Minecraft (amongst many others sites,of course) wasn’t SECURE ENOUGH.
      If anything, they showed the world how most sites don’t give a crap about security (The freaking FBI for christ’s sake). But nobody cares about that. No,no. All people care about is ” Leave me alone! I want to play my video games! *sob* ”
      And THEN people say that’s why we can’t have nice things? Yeah.Right.
      On a side note, I just registered to write this (yeah, you guys pissed me off that much), and the registering form was telling me that WordPress is not up to date on this site. So site admins,do your job. You wouldn’t want all those accounts compromised now,would you?
      I’m outta here.

    • Resonance says:

      @I definately could of been a rouge villian but than I could care less

      I don’t know if you’re being serious or not [I sure hope not]
      But you need to learn the difference between “hacking” and “DDoS”.

    • stupid_mcgee says:

      @ definately could of been a rouge villian but than I could care less. says:

      Firstly, it should be “…but THEN I could…” Secondly, the correct term is “could NOT care less.” To say that you “could care less” means that you have some level of regard that could then be lowered. “could not care less” means that, already, you care so absolutely little that there is no way that your concern could be lessened.

      Grammar Nazi out of the way, the “ZOMG! tehy hax’d da FBeyes!” is way overblown. They didn’t hack shit. They launched a DDoS attack against the FBI’s and CIA’s websites. Ooooh. I’m sure not having the public be able to peruse the FBI and CIA websites were just devastating to their daily operations. It was a cheap shot that sounds much more badass than it was. Nothing more than false ego-pumping and delusional grandstanding.

      You can show security leaks without actually releasing people’s sensitive info. Some people say that this helped the public strengthen passwords. Maybe, but I say, “bullshit.” I had a VERY secure password that I used for my PSN. I then had to change that. I recently found out that I had to change my Neverwinter Nights 1 forum password, which isn’t so bad. The annoying thing, though, is that they also got access to my EA ID and password, which was also a very secure and non-redundant password. So I had to change that as well.This may have changed the levels of security for some people, but, for many, this is merely an inconvenience that was brought on by a bunch of brats with delusions of grandeur of being 733t h4x0rz. Compared to Anonymous vs HB Gary Federal, this is horribly elementary.

      So, how has hacking PSN and other sites increased my awareness of password security? It hasn’t. All it’s done is make me update my passwords ahead of schedule, have to take a few out of rotation, come up with a few more to replace them, and made me fearful that my financial info may have been compromised. For those not as security savvy, LulzSec may have seriously compromised numerous elements of their lives. Compromised not with the intent of actually improving security, mind you, but terrorizing others just for “teh lulz.” Which is, you may or may not know, classic textbook psychopathic behavior.

    • ax23000 says:

      well thats just not true.
      im not supporting what they did but the end result has meant a LOT of ppl have strengthened passwords (me included) and quite a few companies have probably tightened security…so what they did was annoying to some……but not entirely worthless on the whole.”

      Yeah, but the sad truth of the matter is that neither of those things made anyone safer. They provide the illusion of security and make people feel better…but that’s really it. At the end of the day any “tightened security” can and WILL be bypassed. Stronger passwords? Sure, a good idea, and worth having…but of course if the site can be hacked then your password, no matter how strong, can be compromised.

    • gwathdring says:

      At the end of the day, people with enough time and skill will find ways around anything beyond quantum computing security (and who knows … maybe when we next update the Standard Model even that won’t be sacred). Security vulnerabilities are always going to exist and there will always be people who discover them. So it’s up to those discoverers not to exploit that knowledge for personal gain. It’s not up to us to protect ourselves from the noble souls who just want to show us how insecure our stuff is by kindly lightening our pockets. It’s up to them to be more responsible with the knowledge and techniques they have.

      Practically speaking, of course security is important. Or course we and the companies that hold our data should be more careful. But that’s only because people like this are exploiting us in the first place.

    • DK says:

      “im not supporting what they did but the end result has meant a LOT of ppl have strengthened passwords (me included) and quite a few companies have probably tightened security…so what they did was annoying to some……but not entirely worthless on the whole.”
      No the end result was thousands upon thousands of people having their personal details, including credit card numbers, birth dates and other sensitive information released into the claws of people of zero morality.
      The end result is straight up criminals getting their hands of other peoples money illegitimately – not lulz, not any kind of “lesson”. Just straight idiots doing idiotic things because they lack even a single shred of humanity or prinicple.

    • Neoviper says:

      @I definately could of been a rouge villian but than I could care less

      My argument against “minecraft deserved it because they weren’t secure enough”, is that I would rather they spent their effort making better games rather than being forced to spend time and money on a higher level security. If people didn’t hack them just because they felt like it, or felt like minecraft wasn’t releasing updates fast enough or whatever that debacle was that happened a while back, then they could put all their time and resources into making better games and releasing them sooner.

  7. OJSlaughter says:

    Allegeged member arrested and the whole thing goes away

    That is porably not a good way to look at it…

    • Wulf says:

      I don’t think anyone really important to their movement was arrested. I think this is happening now because real hackers who’re pissed off at seeing the media refer to LulzSec as hackers are now gunning for them in big and nasty ways.

      That’s the real cause of this.

    • FunkyBadger3 says:

      Nastier than getting arrested and handed over to the CIA/FBI?


    • Soon says:

      Those real hackers just exposed the underground scene to a huge mass of people who were ignorant of it; with actions similar to those of LulzSec. I’m not sure they helped their case much.

  8. Bilbo says:

    Good riddance.

  9. StingingVelvet says:

    Yes, the can write. They might even make some good points. However they are still lacking any empathy for human beings that don’t follow their desired lifestyle, which makes them sociopaths.

    • Bhazor says:

      Yes they can write. Not very well though. Their last statement is rambling, unfocused, scans poorly and is as self congratulatory as A Glorious Leader’s inauguration speech.
      They sum themselves up well though.
      “If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”
      Impotent man children desperately seeking attention, any kind of attention, and for someone to pat them on the back and tell them how clever they are.

    • vash47 says:

      Nope. You don’t know what a sociopath is.

    • svge says:

      Yup, your idea of a sociopath is hilarious.

      I’m one of the entertained, and regardless of how they did it they made their point. As someone who was not affected in any way I found all quite joyfully out of control. (I don’t condone what they did but as an onlooker it was more interesting than normal internet.)

    • sinister agent says:

      I’m with Bhazor. That statement was a rambling load of self-congratulatory toss. It was of a high standard for the kind of people who use internetisms like “lulz”, but that’s not really saying much.

  10. Oak says:

    And in the end, it became clear that we are the real monsters.

  11. Sardaukar says:

    I am quite paranoid and despite being a long-time computer user, am comparable to a grandmother when it comes to torrent security. I’d like to grab that 50k user list to see if any of my accounts are on it, but I have no idea as to the legality of that or the risk of, you know, downloading something from this group.

    • sonofajoiner says:

      Snap. Any chance the list has been put up anywhere else?

    • skurmedel says:

      I downloaded it to see myself. And I found myself in one of the lists. The password was salted (presumably) and hashed though… and hopefully unique. But still, it’s in there, making me rather annoyed. I guess I’ll have to go and make sure some more of my accounts are 100% unique.
      I’m paranoid about these things, got my Steam account snatched a couple of years back.

      The 50k user list is just a big old text file though, so there is little risk, decent software let’s you choose exactly what files you want. As for the legality, no idea, but I think any court could sympathise with your cause.

      What can be found:
      In the 50k list, account names, sometimes email. Passwords, hashed and plaintext (sigh…)
      In the BF Hero’s list, account name and hashed password.

    • Kadayi says:

      I found a Sardaukar and a Sardaukar117 in the battlefield list (nothing in the other gaming one), but there were no email accounts with the names, just encryption codes.

    • tawa says:

      I believe a nice person has uploaded the relevant txt file here;

      link to

      (That is just the gaming forum list tho, I assume all the BFH Beta/Hackforums members details were released)

    • Sardaukar says:

      I know I’ll be on the BFH list, but it won’t be under this name. I am curious, though, as to whether the PW’s are recent, or from the beta era. Will be changing my EA password again, second time today.
      EDIT – Thanks for that link. Let’s see…

      And I don’t seem to be on it, whew.

    • Kaira- says:


      I don’t know if I should be scared, but the captcha to download the file said “HAKC” for me. Curious, and frightening.

      Carry on, everyone.

    • tawa says:

      Aaah, serendipitous synchronicity. Mine said 2AN3… Zane? It’s all a conspiracy by annoying BBC music presenters.

  12. The Hammer says:

    “For the past 50 days we’ve been … exposing corporations, governments”

    No you haven’t.

    • lightstriker says:

      There was a typo. They meant to put in “Passwords”.

  13. Hirmetrium says:

    Rubbish, I’m on that BF heros list.

  14. Duckee says:

    Anyone who know what these gaming sites were? There might be a few forums around where I might have made an account once.

  15. Ergonomic Cat says:

    Somehow I’m a bit nervous about d/ling a torrent from them….

  16. frenz0rz says:

    Just found my username on the list of Battefield Heroes users.

    Thats… quite scary. They didnt get anything other than my username though, right?


    For fuck’s sake, what did I ever do to them? I honestly cannot remember what password I used for that thing. It was over a year ago, and I only played it for a short weekend before getting bloody sick of it.

    • skurmedel says:

      Join the paranoid party :/

    • Araxiel says:

      Same here. I did change my password though. You can never be sure enough and I was pretty high on the list, in the first seventh I would say judging by the scrollbar. If you want to know what I thought and did, I wrote it down on page 2

  17. Alistair says:

    In what sense can they write? This is adolescent pap.

    • Echo Black says:

      Indeed, it’s pretty embarassing

    • Marijn says:

      Yeah, Jesus Christ John, I hope you were being ironic. Overuse of metaphors, clearly in love with their own cleverness and purposefully vague spiritual uplift. I you liked this, I’m suer I can drum up some angsty teenagers to produce more of it.

      I’ll put it down to a lapse of judgment brought on by the conflicted feelings you have on the whole affair.

  18. Exitalterego says:

    What these guys have done is morally and reprehensibly wrong. Releasing the personal data or innocent members of the public for the ‘lulz’ can never be justified.

    However, I also have a problem with the likes of EA keeping my personal data for an account that to all purposes is dead. I registered to play Battlefield Heroes back when it launched, didn’t enjoy and stopped playing withing a day. I know find that my account is still open, despite zero use in two years, and the only way to remove that account and any associated personal data is to jump through customer services hoops.

    If nothing else, all this has made me wonder what else I’ve signed up for in the past, provided personal information to, used briefly and then forgotten about.

    • skurmedel says:

      Probably a bazillion different sites. Every damn publisher and what not needs their own account system, their own stores, their own activation servers.

      And I agree, that password table should’ve been pruned as soon as the beta was over.

    • Araxiel says:

      You don’t even know what happens to your personal data here, on RockPaperShotgun.
      I’ve got a bad feeling that Alec is hoarding all this information, every word we say, every inch of attestation in his underground bunker below his house.
      I really don’t believe this guy. His eyes are too close together.

    • The Hammer says:

      It’s not his eyes – it’s his nipples.

    • pepper says:

      Dont forget all the multiplayer games that require a account nowadays, I hate it. Remember when you could just drop in a name somewhere in the multiplayer options(half-life, any quake engine game etc).

    • Nick says:

      his nipples are too far apart.

    • Araxiel says:

      The great council of RPS comments has hereby decided that LulzSec are wankers and Alec’s nipples are too far apart. To ratify this let the Magicka brigade bring in the holy vial filled with consol-players’ blood.

  19. Flobulon says:

    Was just thinking the same…

  20. alilsneaky says:

    Ah the things people get mad over on the internet.

    There are way bigger injustices happening to people all over the world right now that you should be getting worked up over, rather than this.

    • skurmedel says:

      Are one of your accounts in one of those files?

    • MountainShouter says:

      I don’t exactly see you lining up to rid the world of injustice and evil either.

    • gwathdring says:

      I must say I find your statement irritating for the same reason I am logically, philosophically, and in all other ways irritated by the classic parenting trope about children starving in poor nations meaning you should eat your snow peas.

      First of all, not complaining about this is not the same thing as complaining about more worthy atrocities any more than eating your snow peas changes the fact that you’ve “consumed” the food at the time of purchase. And of course, complaining about worthier atrocities doesn’t fix THOSE either.

      Unless you are suggesting that we abandon the modern,western, technology dependent lifestyle it is somewhat unreasonable to suggest that we that we remain unconcerned about such technical worries as account and identify theft. You could tell victims of robbery not to complain about losing their luxury items like watches and jewelry while in other places people have no food to eat. But when some crook empties their bank account they aren’t exactly in an aristocratic wonderland of fun either.

      It’s more complicated than what your comment suggests. The world isn’t broken down into have and have-not nor do morality and justice demand that the most well off suffer nonspecific injustices as some sort of non-sequitur balancing mechanism.

      What you are missing, I think, is a healthy dose of relativity and perspective. Pardon me while I go put these snow peas in the compost.

    • Burning Man says:

      Kindly go fuck yourself.

    • raptormesh says:

      Ah you’re about to hack off my pinky? Yeah go ahead, I won’t complain because I have syphilis, and that is way more important.

    • svge says:

      Fuck internet security, there are bigger things to worry about.

      Seriously though, if everyone cared about feeding the poor half as much as they did about their game accounts the world would be better.

    • gwathdring says:

      People can care about more than one thing, you know. Our capacity for concern is indeed limited, but not so limited that we can’t manage our daily lives AND donate to the local food drive. Worrying about Internet security is part of managing a day in the life of this digital world.

      Poverty is indeed a huge problem. As are the rising of the ocean water and a multitude of other global catastrophes. I personally do not have it in me to go ascetic and live my life with no purpose beyond public service. I do not believe myself capable of that at this point in my life. If you are planning such an endeavor, I salute you quite sincerely. Otherwise I would appreciate it if you kept your sermons more relevant to matters at hand instead of informing people they should care more about feeding the homeless in the comments thread about a massive security breach that, for some people, could lead to a number of headaches and minor (but perhaps quite stressful) digital property loss.

      I genuinely appreciate people who can reflect on the things they are passionate about in the context of the world at large, and recognize their relative importance. But has anyone given you reason to assume they lack that perspective? Has anyone said in a serious way “Screw the homeless, I want to deal with this hacking issue?” In context, your remarks come off as glib and insincere, though I expect you did not intend that.

    • tanith says:

      Mr. Gwasthing:
      I think you are the one who lacks a sense of relativity.
      What the original poster had in mind, probably, is that there is no use in working oneself about something that has happened. I was affected by the CodeMaster’s hack, yes – so I just took a couple of hours and changed my passwords everywhere and then forgot about it so I could concern myself with things that actually lie in the future and can be changed rather than being butthurt about something I have no control of.

    • Kadayi says:

      Yet here you are at a gaming new site, reading and commenting on this very article. Shouldn’t you be out there saving the world?

    • gwathdring says:

      You are completely out of context. It is not your business to tell me or anyone else here, how upset they ought to be. Share your opinions, share your personal level of upset, tell them what you think or feel about the whole situation. But I don’t think you have a right to tell me that I don’t care enough about the fate of the world simply because I have a vested interest in video games and digital security.

      I don’t know what being butthurt means, but I’m not especially choked up about the whole situation either. I do however understand why some people might be. I also trust that they, as mature human beings, can figure out how to reconcile their upset when something more serious like a hurricane or a food scarcity occurs.

      I’m a multifaceted individual. I can care about several things at once. And sometimes, I get upset about things that in the grand scheme of life, aren’t important. Feel free to share how you deal with these sorts of things, but you probably shouldn’t tell me how to feel about things. It is unbecoming.

    • Darkjester says:

      “Yet here you are at a gaming new site, reading and commenting on this very article. Shouldn’t you be out there saving the world?”

      You’re also commenting on this gaming site instead of “saving the world.” You’re just being hypocritical. Unfortunately, anyone who thinks we can all just go out and “save the world” is naive. Multitudes of huge problems plague us. We’d be hard-pressed to solve just one, let alone all of them.

      I say that instead of telling ourselves that we will someday save the world, we should try to live in a way that does not harm other people and species, nor the environment.

  21. squirrel says:

    What they should do is to demand that the law enforcement steps in and bring those releasing the exploits to justice. Accessories of felons are themselves felons.

    Unless that they believe law enforcers are in the same party with the conspirators.

    BTW, no offense, but it’s too risky to hyperlink to hackers’ sites. How do you know that they do not contain malwares? Browsing by Firefox wont protect you everything, mates. Let alone those who have no sense of security at all to visit those by IE.

  22. mda says:

    How can I find out if any of my accounts are in their random gaming forum text file?!

    I probably can’t remember more than 20% of where I’m registered off the top of my head.

  23. Grayvern says:

    I get the feeling that these are the worst kinds of people, that even were they to come face to face with any negative consequences of their actions they would be unable to empathise, and if punished would simply be indifferent or laugh.

    As to antisec, it’s bullshit, security vulnerabilities are an underground business of hackers who create easy to use programs that exploit these weaknesses for organised crime.

    If antivirus companies were responsible that money trail would be evident and someone would have said something, besides anti virus companies would only be ripping off corporation if this were the case no semi aware home use pays for anti virus/ spyware.

    • gwathdring says:

      At least some of the nastier worms have been developed by independent hackers. Every now and then one of them gets caught bragging or simply gets out-hacked.

      Mostly though I just think a conspiracy is unnecessary. Even if it was true and anti virus corporations were shut down, I’m confident there are enough malicious people on the internet with the time and know-how to exploit bugs and security flaws in home computing systems and corporate servers to pick up the slack and continue to create a need for such software.

  24. Araxiel says:

    Ok, that is definitly strange:
    1) I downloaded the releas files
    2) My name is in the Battlefield Heroes List under “Araxiel;”f7e03c70d93f60cd118f~more random numbers~””
    3) I tried to login on link to with my Mail and the Password I used three days ago.
    4) It didn’t work. I retyped it several times, didn’t work
    5) I started ME2, tried to login. Did not work.
    6) I’ve used the “forgot password” ability
    7) I recieved a mail with a link to reset my password
    8) I changed my password and it now works perfectly fine

    So what was that all about? Did EA change the password of everyone as security measure?

    • bleeters says:

      Yes, they reset most of them a few days ago.

    • Sinomatic says:

      EA/Bioware sent out a bunch of emails yesterday telling people that they’d reset their passwords (and to go and reset your password again), though they attributed it to an old neverwinter nights legacy server being hacked, or some such.

      So that might well be why your EA account wasn’t working with the password you had 3 days ago.

    • Saldek says:

      In fact, they reset them “in an abundance of caution”. Just goes to prove rarely used collective nouns are like catnip to the customer services kind.

    • Araxiel says:

      EA actually…helping…their customers…??!!!


  25. bleeters says:

    So, still a rabble of bastards then.


  26. Kevin says:

    Could be that one of them finally noticed an out of place ice-cream van outside their house with a satelite dish conspicuously coming out of the top.

    Plus the men in fedoras on a bench reading the paper when they’re in the park walking their doggie.

  27. BurningPet says:

    Sighhh, just checked the random forums list and i am nowhere to be found, which is very good as i am one of those stupid people who uses the same password for every account i ever created since the birth of the internet.

    off with their heads non the less i say.

  28. viverravid says:

    I thought Hitler was a dog person

    • Kollega says:

      Yeah… i’ve also thought that Hitler was a dog person, since dogs are obedient and any dictator likes when he’s obeyed without question. Probably goes to show those Lulzsec guys are talking out of their collective ass :P

  29. cncplyr2 says:

    #drunk housemate, apologies#

    • svge says:

      So because you realise your passwords should change, giving information to anyone who hasn’t realised the obvious is bad? (and you are daft if you don’t follow the advice by the way.)

    • John Walker says:

      Er, using the same password everywhere is daft.

  30. Bobtree says:

    If anyone wants to check the released Battlefield Heroes beta account list for their names, someone was nice enough to share it here: link to

    The file is 25MB of usernames and password hashes (easily crackable apparently).

    I played Heroes (very briefly), but luckily must have skipped the beta.

  31. Chesterton says:

    First: This is what happens in a society that promotes & encourages the idea of moral relativism. We’ll only see more of this in the future sadly.

    Second: In light of not just Lulz, but other major sites being compromised…I highly, HIGHLY suggest using a password manager. After another email/password release earlier this year, I switched over to using LastPass, and it is fantastic. I’m sure it isn’t 100% secure, but you certainly get much less freaked out when a site you signed up for eons ago is hacked.

    • gwathdring says:

      I think you’re over-reaching quite a lot there. Moral absolutism doesn’t solve these problems. If anything it makes the discussion after things like this happen more adversarial and less constructive. It allows us to scapegoat crime and catastrophe as the work of a few bad apples rather than forcing us to look at the complicated machinery of it all. Looking a things in terms of moral absolutes doesn’t fix the fundamentally relative nature of our cognitive analysis and doesn’t prevent us from making mistakes and hurting each other.

      Concepts like good and evil come out of moral absolutism. Concepts that have no meaning, no context, and that lead to as much pain as aid in times of crisis. They allow us to label our way into complacency and to continue misunderstanding one another without aim and without end.

      If your moral code is absolute, that’s perfectly fine. I have nothing against that. But the reality is that not everyone will agree with your code. And since we all have to live together, we need to compromise. Because maybe you’re wrong. Maybe I’m wrong. Maybe there is an absolute good and an absolute evil … but we don’t know which of us is correct about the shape and scope of those absolutes. Relativity and compromise allow us to collaborate anyway. That’s important. That’s the backbone of a functioning society, in my opinion.

      If nothing else, I don’t think this is even an issue of morality. Yes there are criminals that create their own moral code to justify themselves. But there are people who would do this in a society of absolute morals as well. Some people disagree. Some people just want to rebel and find a cause to join once they break out–or make one. Some people just don’t fit in, and have to rationalize that somehow such as by creating their own blueprint for a different kind of society. There are as many reasons for defining one’s own moral code outside of society as there are ideological splinters in human history. We’ve had criminals and legitimate revolutionaries who have done things, right or wrong, that broke with society as long as we have had societies. I simply fail to understand why you think moral relativity is responsible for Lulsec hacking into people’s personal data.

  32. kor says:

    Be as mad as you want if Lulz Sec have inconvenienced you, but I don’t think they are the enemy.

    If they can do it, what’s to stop 100 other similar hackers doing the same but NOT publicly, with actual serious malicious intent?

    To me all of this is good, and good on them. They have raised awareness of how poorly our personal data is stored. They wouldn’t have done so without the proof they published.

    However thats not to say they couldn’t have handled it better~

    Just my opinion.

    • gwathdring says:

      They’ve had malicious impact, which matters a lot more to me. I also don’t think it’s better when they pull public stunts like this. If your account gets stolen quietly that’s inconvenient and emotionally distressing. You try to make it more secure next time. If a whole bunch of accounts are compromised, the company attempts to deal with it and notifies customers and you try to make it more secure next time. When someone posts all of the information for general consumption online, then … the same thing happens. Maybe the hackers themselves don’t steal your money or your account, but some other criminal reading the list of released accounts sure can.

      I suppose I don’t understand. Why is it ok to raise awareness about security flaws by exploiting people and causing them to lose their property? When you say that, it sounds like this to me: it is ok to grab someone’s personal item off a bench if you leave a note saying “you should watch your stuff better” and then put the item in a big public display in the park with identifying information on it along with a bunch of other similarly placed items; any old snoop can now walk up and steal it. But they’ve taught you a lesson, right?

      I think it’s theft. It’s bullying. It’s a power trip. However they rationalize it, the results stand: people are going to be inconvenienced, financially hurt and harassed through spam calls/mail/e-mails. This is not helpful. Making people aware of security issues by exploiting them in harmful ways makes you part of the problem. Sure you make people more aware of it … but that’s only because you’ve become a noisy perpetrator yourself.

      There are constructive ways to deliver the same messages. Heck, if you want the thrill of hacking and can’t keep your nose out of people’s private property then find a way to deposit a security warning on their computer without publicizing their private data for thieves to exploit. I still think that’s infinitely less helpful than traditional awareness methods (news articles, blog posts, chain letters, town crier calls … communication, in other words). But it’s also way better than what these guys are doing.

    • 0p8 says:

      …”I suppose I don’t understand. Why is it ok to raise awareness about security flaws by exploiting people and causing them to lose their property? When you say that, it sounds like this to me: it is ok to grab someone’s personal item off a bench if you leave a note saying “you should watch your stuff better” and then put the item in a big public display in the park with identifying information on it along with a bunch of other similarly placed items; any old snoop can now walk up and steal it. But they’ve taught you a lesson, right?”

      sorry but thats a bad analogy.
      when you go to a park or airport etc. you dont see dozens of wallets and purses lying around on benches.

      ppl a fully aware of street crime already,and have been for a very long time.

      imagine if you went to a country that had never experienced street crime, and tried telling everyone to watch their belongings while in public, what do you thing everyone would do?
      they would probably just go “yeah,yeah,ok ”

      the truth is they wouldnt do anything until they saw a direct effect of what you were warning them about.

      this highlighted some of the basics of internet data protection, and as you know society has a habit of not doing anything constructive to protect themselves until the very last minute, or until something bad actually happens in a public way.

    • gwathdring says:

      I still don’t think it’s not a bad analogy. I’ll give you that it’s not a one-to-one correlation. But as yours overgeneralizes in exactly the same way, it seems a moot point. Our analogies are on equally uneven footing. ;)

      In a country that had never heard of street crime, there would either be a significantly lower risk of losing one’s wallet at the park to begin with, or said street crime would have to be perpetrated by magical ninjas with jedi mind powers. :P

      Getting back to the issue, how is allowing someone else to steal publicly offered stolen property somehow alright and less malicious than stealing the property in the first place? Current legal tradition would, at best, dub such an act “accessory to …” the crime in question and assign punishment accordingly. Either way, someone’s stuff if stolen and it’s the fault of one or more criminals. Either way, someone has now been given a reason to be afraid and is now going to be more vigilant–at least for a while.

      Is that why it’s ok then? We deserve to have injustices committed frequently enough that we remember not to trust anyone? For me, that doesn’t compute. I simply cannot understand how you come to the logical conclusion that injustice is not only tolerable, but altruistic and laudable, on the grounds that it reminds us injustice exists.

    • 0p8 says:

      oh, absolutely not, i dont think this is ok in the slightest, and im sorry if i gave you the impression i was endorsing this.(i’m pretty sure i didnt say anything that supported or encouraged this kind of thing?)
      ….my view is that this was an unnecessary act, but its been done anyway,so we may as well see what we can learn from it, just like any other incident or crime. i just wanted to point out that at least some of us have made some changes or at the very least witnessed how vulnerable some of these companies that hold our private information are.

    • gwathdring says:

      Ah. My apologies. I shouldn’t have assumed. I was unconsciously connecting your statements to those of the original poster who did seem to be suggesting that it’s ok.

      In that case, fair point. :)

  33. mda says:

    edit – deleted – realised my previous post had just moved not been deleted – cheers

  34. gwathdring says:

    I’m still lost. I understand the Anti-sec movement, sort of. There are parts of it that make sense and parts of it that don’t.

    But what the hell does attacking Battlefield Heroes have to do with that? I’m at a complete loss for how they could actually think anything they did was constructive or brought awareness to important movements …

    Are they delusional or do they just think everyone else is stupid?

  35. kenoxite says:

    [Edited rage]

    Well, at least there’s a winner here:

  36. bill says:

    Is there a list of which gaming forums?

    Ignoring the methods, i think this has done a good job of highlighting a lot of dangers on the net.
    – Many servers aren’t secure. (and never will be imho)
    – Way too many sites ask you to register for no reason. (which is a big security risk)
    – Sites keep your information too long (see below)
    – Using different usernames and passwords on every site is a pain, but not doing so is a risk. gah!

    I remember reading a proposal that government legislation should make user data “degrade over time”. So it’d slowly lose details before disappearing entirely. Seems to me that this would be a good idea. It’d be useful to have a set period where we know that the data would persist, but then expire.

    I don’t use many gaming forums these days, but there’s a chance of some old account from 5 years ago being on there. Which is annoying as i can’t even remember which forums i’ve signed up to, or what details I used on them.

    • Kollega says:

      Is there a list of which gaming forums?

      I second this question. I don’t really want to download the list for security reasons, but i would like to know if my data might have been compromised.

      The degradeable data is also a very good idea, so when someone stops using the forum the data starts disappearing after a set time. Would help immensely with those things you sign up for and then stop using and eventually forget. Doubt that will be instituted with all the emphasis on data mining nowadays, though.

    • gwathdring says:

      That would be a wonderful piece of legislation. I don’t like being at the mercy of a company’s privacy policy long after I have decided to part ways with their products and services.

      There were a lot of insightful regulations that went into the telecommunications system over here in the states before cell phones started springing up, but all of that sort of stopped when all of the infrastructure got privatized in the 90s. I think we were afraid of the level of innovation required to deal with regulating the Internet, panicked, and sold control to the private sector. Which has had some upsides and some downsides.

    • Ice-Fyre says:

      Use mailinator, if your not really gonna stick around a forum long term

      link to

    • Lambchops says:

      Third this question. I can’t use torrents at the mo and it’s entirely possible I may have signed up on some gaming forum or other back in my less security conscious days.

    • bill says:

      I often DO use mailinator, or some other temporary solution. But the problem is that you often DON’T KNOW if you’re going to stick around somewhere for long.

      I visited RPS once after following a link, so i signed up with “bill” which is a very dull generic name, as i didn’t plan to stay…. but now I’ve been here for a year or so. Yet other sites that I’ve signed up with, and been sure that they’d be great, i’ve stopped using very quickly when they turned out to be less so.
      this is even worse for lots of web apps, where you have to sign up to try it – but don’t know if you’ll like it until after you’ve chosen your username and entered your info. grr.

      Then you go back, want to log in after a few years, but can’t remember which mailinator address you used for that particular site..

  37. Sinnorfin says:


  38. therighttoarmbears says:

    Question: is EA bothering to email you if you were one of the ones compromised? I played BF heroes at some point (not particularly exciting, FYI) but have not received any email about it and am at work and cannot yet verify if any of my names are the list.

    Seperate question – they have a vendetta against people who publicly expose security exploits, and they mete out justice by exposing security exploits? Doesn’t make much sense, but doesn’t have to I suppose, this is the internet.

  39. Heliosicle says:

    I’m on the BF Heroes list :(.

  40. Darkjester says:

    Those bastards. Now hundreds of thousands of people have to change various passwords because these people have delusions of rebellion and disruption. These fools aren’t entertaining anyone; they’re just making people angry by doing stupid, rash, malicious, thoughtless things.
    “Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”
    Who do they think they’re kidding? They’re not starting a revolution or involved in ‘hacktivism’; they’re just stealing a bunch of people’s information and jeopardizing their security. What idiots.

    • Darkjester says:

      Well, I changed all my passwords. =)

    • jalf says:

      Those bastards. Now hundreds of thousands of people have to change various passwords because these people have delusions of rebellion and disruption

      No. Hundreds of thousands of people have to change various passwords because the companies storing said passwords are lazy and incompetent, and because we, the users, were using lousy passwords.

      As someone said further up, LulzSec isn’t “the enemy”. In the grand scheme of things, they don’t matter, because whether or not they go around hacking websites, they’re a drop in the bucket, and countless of other will do it regardless of Lulz’s actions.

      They’re still immature pricks, but it’s not “because of them” that you have to do anything. They’re not unique, and it’s not because of them that it’s so goddamn easy to hack a lot of websites.

    • Darkjester says:

      First of all, my password was NOT something lousy like “12346” or “abc123” or “password.” My password is so complex that I can tell it to someone multiple times and then they can’t remember it. Sure, some people use lame passwords, and they don’t have a right to complain about being hacked.
      Also, I think that there are two enemies: the websites that don’t protect people properly, as well as people who obtain people’s personal information by hacking and then release it. LulzSec is an enemy, just like the companies that don’t protect us like they should.

    • gwathdring says:

      Well put, darkjester.

      I do understand the point that Lulsec are just a few out of thousands and thousands of malicious Internet users. But that doesn’t mean they aren’t the “enemy.” Being one out of many still makes you, well, one. They’re still part of the problem, they’re still part of the reason security is an issue to begin with, and they can still thus be considered an enemy by anyone who wants a secure, peaceful Internet.

      But as both you and Darkjester pointed out, companies that skimp on simple common sense security measures are also part of the problem, especially when they crunch the numbers and decide it’s easier/cheaper to hand out free games and only upgrade their tech once it’s been compromised.

      This sort of thing has been going on in the American auto industry for years: whenever a new safety regulation comes out, some factories intentionally hold off on certain features and upgrades in those cases where it’s cheaper to pay the fines. But when there aren’t even regulations and fines to add to the calculations … it’s a lot easier to decide not to make the switch. This in no way excuses lax security and the damage it does to customers, but it certainly makes more Internet regulations look awfully helpful.

  41. Evil Otto says:

    Thank god I’m not on the BFH list.

    This reminds me of when the first ATMs were placed. It took a while before they became robbery targets. Only now are we beginning to see that giving out personal information always comes with risks. This story hasn’t ended yet.

  42. sendmark says:

    Lulzboat got titanic’ed. Hopefully they all get arrested and can enjoy some quality prison time.

    • Evil Otto says:

      That would actually be a waste. Hacking so many organizations and authorities in 50 days is quite an achievement. They would make good security people at the companies they hacked.

      They do deserve some time in jail, though.

    • pepper says:

      Executing automated attacks and running scripts do NOT make good security people. As a matter of fact, these kiddo’s would not be able to detect or handle a real cracking attempt(note that they are not crackers nor hackers, they are script kiddies.The lowest known life form in both communities).

      Also note that a hacker would not release the information, but contact the network administrator and detail the problem with a possible solution.

  43. Tldr says:

    checked my account it’s really old bfh data…

  44. Kittim says:

    I can’t say I’m sorry to see the back of them.

    It has highlighted just how feckking poorly kept our personal data is though. Will the companies that were hacked be in any way held accountable? I doubt it.

    I don’t think I’ll be signing up for any accounts that store credit card info any more.

  45. IncredibleBulk92 says:

    I don’t even understand how releasing people’s personal details could be fun. I have access to hundreds of thousands of people’s data every day. I could so easily throw them on a USB stick if I really wanted to but why? They are just cunts, I hope they all get caught and paraded around.

  46. Uglycat says:

    Before you start hurling money at, there is an open source alternative link to Recommended by no less a person than our own Bruce Schneier!

  47. obowersa says:

    First things first, if you want to check the situation with your password without downloading the lists, go here : link to .
    With that said…Really guys ? The nativity and stupidity in this comment thread is astounding. While I don’t support lulzsec, the idea that they are the worst thing out there is crazy. As is the fact that it’s ‘there’ fault you need to have different passwords for different sites.
    Simple fact, lulzsec aren’t very good. The attacks which were carried out were either distributed denial of service attacks, or, for the most part, using publicly available vulnerability and SQL injection scanners.
    Think about that. Your data, passwords and emails for these sites, were potentially available long before lulzsec came along. While their methods are immature, they have raised awareness about these issues. The sheer volume of people on here complaining that they have the same password for multiple sites is a sign of that. I don’t have the same PIN for my work pass as I do for my bank account due to the same reason.
    With all the above said managing passwords in the current world is a pain. Go have a look at this video, link to , follow the advice. Get something along the lines of kepass. Use it. It’ll make you considrably safer than having the same simple password for each site.

    • Kadayi says:


      1) ‘their’ (as in ownership) Vs ‘there’ (as in location)

      2) It’s one thing to highlight a security issue, it’s another thing entirely to actually release a whole raft of peoples personal data, to every ying yang and bottomfeeder on the internet.

      This isn’t a case of ‘you people need better passwords’ it’s a case of ‘you companies need more secure networks’ so punishing actual forum users doesn’t achieve anything constructive I’m afraid.

    • obowersa says:

      I’m not saying people need better passwords, although I’m sure some do. The biggest issue is password reuse. Fair point on the there/their mind you.

      If you have a separate password for each system, then loosing the password to one system isn’t a huge issue. I don’t agree with lulzsec releasing the information the way they did, I just think that the reaction is being blown out of proportion.

      The information was trivial to obtain. A lot of it has most likely been obtained in the past anyhow and not posted publicly ( some of the password dumps were held onto for months.) The only difference between lulzsec and other groups is that they at least let the world know what they had. The idea that a lot of this stuff hasn’t been obtained in the past is absurd.

      I’d rather someone stole the information from a forum and shouted about it, so I was aware that I needed to do something, than used it to say access my emails due to password reuse.

  48. Tei says:

    Heres my problem.

    My password is in Battlefield Heroes Beta (550k users).csv.

    I have given my password to ELECTRONIC ARTS in faith that ELECTRONIC ARTS will not share my password with the world.

    ELECTRONIC ARTS has shared my password with the world.

    Do I trust EA again with the service ORIGIN?

    • Wulf says:

      Hence why I have faith in Steam, really, and buy most of my games there. There was only one time when Steam was ‘hacked’ and the whole thing turned out to be a not particularly clever hoax (which many were guessing at the time, anyway) with the help of a cyber cafe who had a Steam license.

      Origin, Impulse, Direct2Drive, Gamer’s Gate,, and are all more likely to be hacked before Steam. I think the truth of why this is is in how shrewd of a person Mr. Newell seems to be. For a man like that to not have taken a bunch of security geniuses under his wing to constantly keep his network up to stuff would be unthinkable. I can’t help but think that Steam’s inner security workings are terrifyingly effective, and this is why no one’s succeeded.

      But yeah, I agree, EA and anyone with shit security is just as responsible as LulzSec. I’m not defending LulzSec here (don’t be so damn binary) because their actions were deplorable, but it really does show how poorly these gaming companies think of us. Most of them, anyway. And they’ll get hacked time and again. And people wonder why I trust Valve.

      In regards to LulzSec, just to segue a little here, if they hadn’t been massive dicks and they’d only released usernames and partially censored email addresses (no passwords and no full email addresses for people to make use of), then I think most of us could’ve gotten behind them and what they were doing. Their message wasn’t bad at all, it’s just that their execution was completely shit, and it turned them from being saints to being shits.

      I mean, if I were a hacker, that’s how I’d do it. Release the information to prove that you have it, which will be able to be verified by some people, but keep the dangerous parts out of the public eye. Then do that time and time again. That’s an approach I could support. It’s not that I disagree with what they did, that happens all the time and people need to know about it (which I think is the sentiment of your comment), but I think they were just dicks in how they went about it.

      The message of: “We’re not going to release your personal data, but it was easy for us to hack them, so it would be easy for others to hack them, too. We suggest following this guide to having a different set of user details, including a different strong password, for every site you use. There are Firefox extensions for this too, even, and our guide will help you achieve the security you need, because these guys don’t give a damn.”

      You know what I think LulzSec was? Wasted potential. A hell of a lot of wasted potential.

    • stupid_mcgee says:

      @ Wulf:

      Well put and spot on.

    • gwathdring says:

      I agree wholeheartedly, Wulf. Well put.

    • Valvarexart says:

      Sorry, that just seems like utter bullshit. Read it through again and you will realize why.

  49. Vexing Vision says:

    I’ll believe this if they can keep their feet still for a month or so.

    Remember their call for “Utopian corporate-free internet”? Yeah. Well.

    • Wulf says:

      Except that already exists. You just have to know how to look for the blacknets. Personally though, I prefer being out in the open, even if the corporations are here, too.