# List of email accounts for which passwords have been made public



## Brendan Burgess (15 May 2009)

Check this list. 

Send the link to any of your friends who are on the list and tell them to change their passwords immediately.

Their appearance on the list does not mean that their security has definitely been compromised but there is a risk that it has been compromised and they should check. 

see this thread for more information

http://www.askaboutmoney.com/showthread.php?t=112778


Brendan


----------



## Latrade (15 May 2009)

Thanks. 

What's interesting is last week using hotmail mobile I would end up accessing a different user's account each time I logged in. I emailed those people to let them know of the problem and a couple of those addresses are listed.


----------



## car (15 May 2009)

a load of those accounts and passwords are real.     Is that from the list of the facebook hackers?


----------



## NicolaM (15 May 2009)

Do you have any sensitive information on your emails?
Eg: bank account details, passwords from other sites (eg password confirmations etc)?

If so, you need to get onto your bank asap/change any other passwords.
I'm not sure what else you might need to do.

Nicola


----------



## JoeB (15 May 2009)

Hmmm, this is not straightforward..

For example, one of the poisoned emails is webmaster@myjob.ie ... now I have advertised on that site before.... so someone may have access to my password and login for that site as it may have been sent from the poisoned email.. if so they can list jobs which appear to come from me...


----------



## Lauren (15 May 2009)

Thanks Brendan, an old email address of mine is there....Just made the necessary changes to it..


----------



## allthedoyles (15 May 2009)

When choosing a password always use a combination of *letters and numbers* and a combination of *capital letters* and *small letters* .Also use the *spacebar* one in between 2 letter passwords .

For example if you choose ' brian cowen ' as your password , you could make it look like this .........Br1an c0waN ( will be encrypted of course )

That is capital B - number 1 -space bar -  zero instead of O and capital N at the end .
NEVER click on a link from an email, to an important website where you need to enter a user name and password .

If you use a decent Anti-Virus , you will also have phishing protection . This will indicate that the Web page address and content have been analyzed and found authentic


----------



## blacknight (18 May 2009)

Brendan said:


> Check this list.
> 
> Send the link to any of your friends who are on the list and tell them to change their passwords immediately.
> 
> ...



It's not a list of email account passwords

It's a list of email addresses and passwords for a website eg. Amazon uses email address + password as do thousands of other sites

Stop trying to scare your members


----------



## car (18 May 2009)

Sorry Blacknight, it is a list of emails and passwords. 

I tried several gmail and yahoo usernames and passwords and was succesful with login.


----------



## jhegarty (18 May 2009)

car said:


> Sorry Blacknight, it is a list of emails and passwords.
> 
> I tried several gmail and yahoo usernames and passwords and was succesful with login.




You are presuming that people use different passwords for their email address and registering with websites. 

Lots don't.


----------



## Brendan Burgess (18 May 2009)

I have edited the OP as follows which I think clarifies the matter:

Their appearance on the list does not mean that their security has definitely been compromised but there is a risk that it has been compromised and they should check.


----------



## car (18 May 2009)

jhegarty said:


> You are presuming that people use different passwords for their email address and registering with websites.
> 
> Lots don't.



Oh agreed,  let me rephrase, I do understand what the list is, I was trying to emphasise that it is a list of emails and it is a list of passwords.    Some people use the same login details same for all online accounts be it email/amazon/online shops etc, some dont.   

_Blacknights_ post suggesting that 


> It's not a list of email account passwords


  seems to me to be presuming that all users dont the same details which isnt true.    

_Brendan,_  I wouldnt have posted the list either, I wouldnt place too much blame as you may not have been aware but forum posted emails are gathered by spam robots,  probably too late now.


----------



## blacknight (18 May 2009)

Brendan said:


> I have edited the OP as follows which I think clarifies the matter:
> 
> Their appearance on the list does not mean that their security has definitely been compromised but there is a risk that it has been compromised and they should check.


That's a lot better, though I still don't agree with my email address being on that list. Please remove it if you haven't done so already


----------



## Brendan Burgess (18 May 2009)

There is a balance of risks here. 

There is a risk that a bot will take these email addresses from askaboutmoney and spam them. This is only a risk if they have not already been harvested from the original site. 

There is a much more serious risk that some of the people on the list will have their email accounts accessed without their knowing it. 

If anyone wants their name removed from this list, send me an email from the account to burgess7ateircomdotnet

Brendan


----------



## blacknight (18 May 2009)

If you put the list on a member only forum you mitigate the issue of bots to some degree, as they won't be able to crawl it


----------



## mickeyboymel (18 May 2009)

It Seems The Website which was hacked has addmitted responsibility: My address was on the list and I have just got this through from them:

   [FONT=&quot]





> It has come to our attention recently that one of our servers was hacked. A list of names, email addresses and passwords of our customers appeared on a hacker website on the internet. This account was one of those on the list. The website removed the page but a cached page was still available. Fortunately we do not hold credit card information on our servers, this is held by our credit card processing company. We suspect that this was a graffiti type attack. We have since introduced a more stringent password policy and passwords are now encrypted using the latest techniques. We want to sincerely apologise for any distress this may cause and want to reassure you that we will work hard to make sure this does not happen again. We recommend you login immediately and change your password to reduce the affect of the security breach.


[/FONT]


----------



## jhegarty (18 May 2009)

So who was the site ? (so I know never to register with them)


----------



## Brendan Burgess (18 May 2009)

Now that the company involved has emailed its customers, I have removed the list from public view.

Brendan


----------



## mickeyboymel (18 May 2009)

jhegarty said:


> So who was the site ? (so I know never to register with them)




Is it ok to name the company on here?


----------



## Smashbox (18 May 2009)

I'd sure like to know who it was


----------



## jhegarty (18 May 2009)

mickeyboymel said:


> Is it ok to name the company on here?



Brendan ?


----------



## Brendan Burgess (18 May 2009)

Sure. If they have sent letters out to their clients, it's public knowledge at this stage.


----------



## mickeyboymel (18 May 2009)

Ok, The company was Computerbits.ie. I had not used their site since 2005 but it was a shocking reminder on how important it is to change passwords regularly!! ....PS Many thanks Brendan and all on this site for drawing my attention to the list


----------



## Smashbox (18 May 2009)

Thanks Mickey 

They don't have a message on their website, strange


----------



## neato (22 May 2009)

[FONT=&quot]Brendan,

Back in 2004 I placed an order with the company and as such my email address appeared on the list. 

I am an information security professional in a corporate environment. My main job function is to carry out penetration testing (hacking) of websites, applications and networks.

I acknowledge your previous postings regarding people having the same password for several accounts online. A lot of times this is the case and it is something that people in my profession are at pains to change and make people more aware of the risks involved.

I cannot see any justification or reason for you to post these email addresses on this website apart from self gratification and the kudos factor.

The website on which the hacker originally posted the email addresses and passwords has been taken down but there are techniques to view the content - which I'm sure some enterprising member of the forum will attempt!

Can you please explain why you decided to post all the email addresses saying "Send the link to any of your friends who are on the list and tell them to change their passwords immediately."?

You could have created an anonymous email account and then sent this message privately to all the individuals in a BCC.

I suggest you contact the Board admins and have them contact Google to have the cache for the original posting cleared - as this is how I stumbled across this thread in the first place.

To a degree you are complicit in this breech and have potentially exposed the user list to additional security risks, let alone spam. This is truly unacceptable and you should be apologising unreservedly for your actions, however honourable you thought they were at the time.


[/FONT]


----------



## Brendan Burgess (23 May 2009)

Hi Neato

Read this thread which explains it in full

http://www.askaboutmoney.com/showthread.php?t=112778&page=2

Brendan


----------

