Did LulzSec expose your friends' passwords?

I assume you have all heard about LulzSec over the past few months, so I will not go into their backstory and will instead get straight to the point.

Yesterday, 26th June 2011, they released their last data dump on ThePirateBay (TPB), containing usernames and passwords from a few different sources. One of those sources was hackforums.net, where I myself had registered once upon a time. Luckily I had signed up with a disposable password. It turns out, however, that yes, that password was leaked in the final LulzSec data dump.

The data dump has now been removed from TPB because some of the files were allegedly infected with malware. So I found this site, which lets you search for your email address to see whether you may have been affected: http://dazzlepod.com/lulzsec/final/

So then I began to wonder: if I was on that list, who else that I knew might be on it?

So I decided to write a quick Ruby script which would check just that.

First off, I had to download my Google contacts. To do this simply go to http://contacts.google.com.

I exported all of my contacts in Excel format, highlighted the email column and pasted it into a file called contacts.txt (remove the column name from the text file).
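
The copy-and-paste step can also be scripted. The Ruby below is an added example, not part of the original post: it assumes the contacts were exported as CSV rather than Excel, and the `extract_emails` name, the match on headers containing "mail" and the sample rows are all constructed for illustration.

```ruby
require 'csv'

# Loose shape check only: it filters out labels and empty cells,
# it does not prove that a mailbox exists.
EMAIL_RE = /[^\s@,;:<>"]+@[^\s@,;:<>"]+\.[^\s@,;:<>"]+/

# Returns unique, lower-cased addresses from every column whose header
# mentions "mail" (header names vary between exports; this is an assumption).
def extract_emails(csv_text)
  found = []
  CSV.parse(csv_text, headers: true).each do |row|
    row.each do |header, cell|
      next unless header.to_s =~ /mail/i && cell
      # One cell may hold several addresses, so scan instead of matching once.
      cell.scan(EMAIL_RE) { |addr| found << addr.downcase }
    end
  end
  found.uniq
end

# Constructed sample export (not real contacts).
SAMPLE_CSV = <<~SAMPLE
  Name,E-mail 1 - Type,E-mail 1 - Value,E-mail 2 - Value,Phone 1 - Value
  Alice Example,* Home,Alice@Example.com,alice.work@example.org,555-0100
  "Bob, Example",Work,bob@example.net ::: bob+lists@example.net,,555-0101
  Carol Example,,,,555-0102
  Alice Again,Home,alice@example.com,,
SAMPLE

if __FILE__ == $0
  path = ARGV[0]
  emails = extract_emails(path ? File.read(path) : SAMPLE_CSV)
  # Only write contacts.txt when a real export was given on the command line.
  File.write("contacts.txt", emails.join("\n") + "\n") if path
  puts emails
end
```

Run with the path to the exported CSV as the only argument to write contacts.txt; with no argument it only prints the addresses found in the constructed sample.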

Then simply run my (very rushed, it’s 1AM) Ruby script, which can be found here: http://www.pastie.org/2126584 (you will need to install the Typhoeus gem).

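#!/usr/bin/env ruby

require 'rubygems'
require 'cgi'
require 'typhoeus'

found_emails = []
hydra = Typhoeus::Hydra.new(:max_concurrency => 20, :timeout => 2000)

# contacts.txt holds one email address per line; blank lines are skipped.
emails = File.readlines("contacts.txt").map { |line| line.strip }.reject { |line| line.empty? }

emails.each do |email|
  # Each address is sent to the third-party lookup site in the query string, over plain HTTP.
  # CGI.escape keeps characters such as "+" and "&" from corrupting the query.
  request = Typhoeus::Request.new("http://dazzlepod.com/lulzsec/final/?email=" + CGI.escape(email))

  request.on_complete do |response|
    puts "Checked " + email
    # The result page reports a hit as "<strong>1 account</strong>".
    if response.body =~ %r{<strong>1 account</strong>}
      found_emails.push(email)
    end
  end

  hydra.queue(request)
end

# Run all queued requests, at most 20 at a time.
hydra.run

puts found_emails.size.to_s
puts found_emails.inspect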

Out of my 900 contacts, 4 of them were in the LulzSec data dump. I have informed them.

Try it out and inform your contacts too!

12 thoughts on “Did LulzSec expose your friends' passwords?”

  2. ethicalhack3r

    @DarkLight

    I since got a hold of a copy of the actual database dump. The passwords are all hashed and salted. Doesn’t mean they can’t be cracked, it’s just a lot harder to do.
