If Caught in Hacking Crossfire, Defend Your Information Furiously

Melanie Gross
Jun 19, 2011
Updated • Dec 27, 2012

It seems that those friendly, harmless little hackers from LulzSec have turned their attention, at least momentarily, from computing giants to passing bystanders in the evolving battle that has been kicking up online in past months.

Friday the hacking community Lulz Security (LulzSec) posted a file which it claimed contained the username and password information of 62,000 random individuals using popular websites like Facebook and PayPal. While it is doubtful that Lulz itself plans to use that information to do anything but embarrass those websites, other people who now have access to that data may be less playful.

It is unknown how this information was acquired or from what source. However, if you find yourself in a situation in which your Facebook or PayPal accounts have been compromised in a similar hacking campaign, there are important steps that you must take to secure your information and retake control of that loose data.

Mark Ward, a financial IT professional from Colorado, warns anyone who has been compromised to ask the two big questions of information loss: how did it happen and why.

“Anyone who has lost login information of any kind should immediately check the computers they use to access accounts for malware, keyloggers or rootkits. Otherwise, no matter how often you change your information thieves will retain access to the information.”

If you were foolish enough to use that login information in multiple places, change it everywhere – or you might find those accounts compromises as well. Next, identify why you were targeted.

“LulzSec rarely goes after individuals – if your information comes up in their attacks you were probably just caught in the crossfire.”

If you are someone who they may take personal interest in, however, take care to protect all other information and let those connected to you know you have been targeted. They may be approached for further information.

The loss of PayPal login information is typically more pressing than the loss of Facebook data, and as such requires forceful and immediate action. Begin by reporting the breach to PayPal and closing the account immediately. This stops that account from being used for any illegal purposes that you might otherwise wind up being liable for. Next, contact the financial institutions connected to the PayPal account and have them monitor your funds. It may be necessary to close those accounts in time, but it typically is not necessary to do so immediately.

Finally, and perhaps most importantly, contact any individuals with whom you regularly do business through that account and let them know that you have been compromised. Your past actions will be visible to any digital thieves, and it is very possible that they may be contacted by email or phone by people claiming to be you. Consider setting up a secure passphrase with PayPal business partners so that they can know that it really is you they are talking to.

Facebook contains mostly social information and is not connected to your finances and as such it is less crucial to contact connections to such an account as quickly. Again, notify Facebook, telling them of the breach, and close the account. This severs your connections to any photos that may be linked to your account. Let your friends know that you have been hacked, and advice them to be weary of anyone claiming to be you.

As skirmishes online increase in frequency, more and more people will likely get caught in attacks on groups they have no significant connections to. By following these simple steps, the damage of a breach can be minimized and you can return to your usual online activities without delay.

Martin's Words of Wisdom

If you had an account at one of the hacked company sites, and used the same account login, email, password combination at other sites, your first step needs to be to change your passwords at all those sites. Before you do anything else, change your account passwords.

PayPal users can improve security with identity protection devices. It costs little money and adds two factor authentication to PayPal. Attackers who get your username and password, cannot access the PayPal account because they do not have the code that gets generated on the fly when you use the device locally.

I probably would not go as far as to close down the account. I'd change the account password, get the security device and monitor my PayPal funds closely to react immediately when I'd spot an unauthorized transfer. You may however want to cut the link to your debit and credit cards in PayPal to avoid that they are charged automatically whenever a payment is made that exceeds the account balance.


Previous Post: «
Next Post: «


  1. Wake up said on June 29, 2011 at 2:26 pm

    Agreed with the post above, it is just to coincidental that all these hackers in the past years doing damage, this one group has been now made covered by media around the time the Rockefeller are trying to pass the FCC internet regulation act similar to Australia recently and China as most severe..

  2. Go back to sleep said on June 19, 2011 at 6:20 pm

    lulsec is a GOVERNMENT sponsored venture. They will use these puppets as an excuse to remove your civil liberty and tighten control over the internet!

    Look at the timing of the hacks,look what bills are being passed atm…!

    Wake up sheep.

  3. ilev said on June 19, 2011 at 11:04 am

    They claim xbox live has been hacked as well

    @LulzSec Got an Xbox Live, Paypal, Facebook, Twitter, YouTube THE WHOLE LOT! J-J-J-J-J-J-JACKPOT

    1. Martin Brinkmann said on June 19, 2011 at 11:33 am

      I thought they “only” used the account information from previous hacks on other sites, and did not hack PayPal, Facebook, Twitter and co?

  4. Jojo said on June 19, 2011 at 10:47 am

    Good hacking crime story here:
    June 16, 2011
    FireEye: Botnet Busters
    When Microsoft and Pfizer got fed up with the nastiest junk e-mail blaster on the Web, they called Silicon Valley’s cybercrime vigilante


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.