Find Out If Your Email and Password Are Known to the Bad Guys

More than 100,000,000, yes that’s one hundred million, email addresses and passwords have been stolen over the past two and a half months.  That makes 2011 one of the worst years in recent memory for the large-scale theft of email and password information.  It is likely to lead to substantial financial problems for people around the world.

Here’s What Happened

Sony PlayStation Flubs Up

In April of this year, 77 million customer records were stolen via the PlayStation Network Intrusion.  This intrusion was so bad that Sony had to shut down and then re-engineer major components of its money-making online gaming system.  It’s been alleged that credit card information, and more, was stolen from Sony.

Count: 77 Million Email Addresses, Passwords and Names

Sony Online Entertainment Hacked

Then came May 2nd of this year.  Now Sony Online Entertainment was hacked and ultimately 25 Million customer records were stolen, including more than 12,000 foreign credit card numbers.

Count: 25 Million Email Addresses, Passwords, Names and as many as 25 Million Credit Card Numbers

Sony BMG Greece Falls

Although a comparatively spartan theft, Sony BMG Greece lost some 8,500 email addresses and password hashes.  Now the password hashes are not necessarily a big deal, as they usually cannot be used to break into your account on another machine, but… come on, Sony!

Count: 8,500 Email Addresses

Sony Music Japan

I’m not a Sony hater, in fact I love some of the technology they’ve introduced over the years, but come on!  Even I’m starting to notice a pattern here.

Last month, on May 23rd, Sony Music Japan’s site was hacked.  Apparently the data that was stolen did not “contain names, passwords or other personally identifiable information” (according to Sophos).

The next day, hack number 16 for Sony.  Sony Ericsson Canada lost email addresses and passwords, and that information was posted on pastebin.  Quoting Sophos:

“The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.

“SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.

“Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: “I was Bored and I play the game of the year : ‘hacker vs Sony’.” He posted the link to pastebin with the simple note “Sony Hacked: lol.”  (Read more Here.)

I guess the good-ish news here is that if you were one of those whose information was compromised you can rest assured that Sony has already attempted to contact you.

Count: Hundreds of accounts’ information Falls

It continues on June 2nd, when LulzSec claims it stole more than 1 Million User Names, Passwords, Email Addresses and personal information from the web site.  Turns out that none of the information was encrypted and it was all in plain text, ready for use.

Count: 1+ Million User Names, Passwords, Email Addresses and more.

Acer Falls

Even though Sony’s been hit hard this year, they’re not the only ones with hacker problems.

Acer Europe has apparently fallen prey to the Pakistan Cyber Army, which has claimed that it stole 40,000 records from their database which include customer names, physical addresses, phone numbers and email addresses.

What to Do?

You can check to see if your information was compromised.  Unfortunately, we don’t have a full list of the accounts which were compromised, nor details about all of the information which was stolen.

You can check the small subset of data which is available here, here and here.  This is another great reason to use one-password-per-site and even to have multiple email addresses that you use.

If you’ve ever logged into the website it’s time to change your password.  It’s been compromised.