16,959 e-mail accounts have been dumped to MediaFire recently, ZeroPaid has learned. The 1.18MB text file was uploaded by Connexion Hack Team. The file contains government and military e-mail accounts and passwords. ZeroPaid has also learned that many popular e-mail providers are also seen in the list of accounts compromised.
Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes
Connexion has already dumped data from a California government website to pastebin and now they have made another data dump. A statement within the release contains the following:
Dear Internetz,
We are the Connexion Hack Team. We are here to say that we are releasing approx. 16,959 emails and passwords. These are random and do not ask which website they came from. If you want to see if your email is there press CTRL+F on Windows and search for your email. If it is, well to bad, pick another email from the list. If it isn’t then you are one lucky bastard.
We want everyone to know that we mean business here. Have fun!
There’s numerous government e-mails from pretty much all over the map. There’s e-mail accounts from the NSA, Virginia, the DHS, and others. We’ve removed the passwords, but these are the list the group dubbed “Important people”:
ahooten@hrsa.gov
cavines2@niehs.nih.gov
craig.nicholson@ky.gov
dbarett@moorecountync.gov
Dbarnwell@augustaga.gov
deborah.a.jordan@ncesc.gov
dlhar11@nsa.ic.gov
elizabeth.pridgen@dot.gov
gdublin@cdc.gov
gloria.dotson@dss.virginia.gov
gxxmills@bop.gov
icq4@cdc.gov
james.ferguson@scc.virginia.gov
james.heck@nrc.gov
JANIE.HILL@VA.GOV
Joe.Manora@noaa.gov
jwr3@cdc.gov
karcher@cdc.gov
louise.stokes@norfolk.gov
MARSHA.PHILLIPS@NLRB.GOV
michael.anthony.blake@census.gov
Nicole.Merriweather@louisvilleky.gov
patwill@mdes.ms.gov
paul.griffin@dhs.gov
ROBINSONA@DNR.SC.GOV
shawn.armstead@ssa.gov
shchapman@dot.ga.gov
sminor@dot.ga.gov
sonya.beaver@vdh.virginia.gov
To some of these users credit, they did use a combination of letters, numbers and symbols, but those are only a select few. One did have a password “changeme” which the team commented, “mega lulz”.
In the next section, there was a list dubbed “more important people” Again, we’ve removed the passwords:
arnold.leeks@ng.army.mil
ashley.n.richmond@us.army.mil
brenda.s.davis@navy.mil
christine.johnson@amedd.army.mil
demetrius.spencer@us.army.mil
don.barbee@us.army.mil
flora.goldsbyturner@tinker.af.mil
glenda.mack@us.army.mil
hasani.hudson@navy.mil
joseph.perryman@us.army.mil
kelvin.blanton@us.army.mil
marshall.coaxun@usmc.mil
michael.lowry@med.navy.mil
michele.jackson@med.navy.mil
ora.phillips@afncr.af.mil
pauline.pituk@conus.army.mil
rober.a.cury@us.army.mil
Roberta.Kithcart@Charleston.af.mil
Again, to one persons credit, a combination of letters, numbers and symbols was used. The reason why this is good is because it is suppose to take exponentially longer to crack such a password when a combination of letters, numbers and symbols. I suspect these were obtained in another manner in this case.
The remaining e-mails and passwords are all over the map. The e-mails are in alphabetical order and, strangely, they end on the letter “s”. So anything after the letter “s” appears ot be safe for now (maybe an additional release will be made?). Domains that are found include Yahoo (lots), BellSouth, Gmail, MSN, Earthlink, Comcast, Sprint.Blackberry, vzpix, sbcglobal, Cox, Hotmail, Spartans.nsu (lots), Verizon, NSU, and AOL to name a few.
It’s very difficult to know for sure how these were obtained considering it’s just a random smattering of e-mails. No doubt, these accounts will appear elsewhere for those wondering if their account was compromised or, more easily, it can be downloaded on MediaFire while it’s still up.
Drew Wilson on Twitter: @icecube85 and Google+.
