Mar 132012

Hackers Discover US Government Employees Using Work Emails On Porn Websites

The Atlantic
Adam Clark Estes
Mar. 13, 2012
A group of hackers calling themselves Th3 Consortium and  claiming to be affiliated with Anonymous and LulzSec broke into yet,the third porn site it’s hacked in as many weeks, stealing 72,000 passwords and 40,000 credit card numbers.All three porn sites Th3 Consortium has targeted are owned by Luxembourg-based Manwin: Brazzers got hit in mid-February — 350,000 usernames and passwords were stolen — and then came a major hack at YouPorn — a million usernames and passwords were compromised. But the porn network does not seem to be the real target of the attack: the hackers seem most interested in embarrassing government employees who used their official email addresses (for some reason?) to register for a porn site. Foolish government employees beware.

As reports, “According to Th3Consortium, it hacked 27 admins’ names, usernames, e-mail addresses, and encrypted passwords; 85 affiliates’ usernames, plain text passwords, and in some cases, IP addresses; and 82 .gov and .mil e-mail addresses with corresponding plaintext passwords.”

“And of course as this is a porn site,” Th3 Consortium bragged in their release about the attack, “there was no shortage of .mil and .gov emails in their user list.” The hackers’ taunting of government employees could be nothing more than taunting. Those who have seen the data say that there are only a few dozen on the list. 

But the hackers seem to share the view that catching government employees engaged in naughty online behavior — whether it’s watching porn or illegally downloading movies — it refutes the calls for more aggressive enforcement of copyright laws. Fresh out of jail, Megaupload founder Kim Dotcom sounded ready for some blackmail when he told TorrentFreak in an interview, “Guess what — we found a large number of Mega accounts from US Government officials including the Department of Justice and the US Senate.” And we’re not just talking about usernames and passwords in MegaUpload’s case. It’s terabytes of actual files. Luckily for these public officials, the government has control of that data for the time being.

There are three takeaways from the recent rash of porn site hacks. Number one: if you’ve got an account and credit card on file with a porn site, double check to make sure that info is secure. Two: Don’t take the hackers too seriously. While they brag about how tens of thousands of accounts were compromised, those numbers are usually greatly exaggerated. And finally: if you work for the government, don’t sign up for porn sites with your official email address. Taxpayers are paying to keep that address up and running. The least you can do — if only to be courteous — is set up a fake Hotmail account or something. And save the porn for your personal time. We don’t want to pay for that — or any resulting sexual harassment cases — either.