We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,021 News Articles

Writerspace site warns members after LulzSec hack

Admits 12,000 logins were part of leaked database

Literary website Writerspace.com has admitted that almost a quarter of the 62,000 email logins published after an attack by LulzSec came from its user database.

In a warning note on the site's homepage, Writerspace said that that 12,000 of the leaked email logins were from its members and said it was in the process of contacting the individuals concerned.

"We want to assure our readers that we take our responsibility for protecting your personal information very seriously. Unfortunately, there are people who make it their mission to find and exploit any vulnerability no matter how secure the system," read the note.

The site also mentions that LulzSec has recently hacked the CIA website and US Senate, glossing over the fact that neither of these hacks involved the loss of thousands of email addresses and passwords.

Writerspace then advises users to "make sure the passwords for all of your online accounts adhere to industry security standards," again sidestepping the possible weaknesses of any login system that re-uses email addresses as user names, or simply stores email addresses and passwords together for recovery purposes.

It is not clear that writerspace used email addresses for logging in but sites that do run the risk that users will re-purpose the same logins over and over for multiple sites. This gives anyone hacking one database a way of launching speculative attacks against others using the same information. LulzSec itself makes this weakness part of the point of its attack, encouraging sympathisers to try the logins across different sites.

Better advice would be that anyone whose login was published as part of the leak should change logins on any other sites that might use the same email address as authentication.

"Security techs are scouring the site now," said Writerspace in a tweet. "There's no indication that the site itself has been hacked but we'll post info asap."


IDG UK Sites

EE brings 4G LTE to Cornwall and a total of 21 new towns

IDG UK Sites

iOS 8 review: Hands on with the iOS 8 beta

IDG UK Sites

5 things Android Wear *can't* do: Smartwatch OS is great but not flawless

IDG UK Sites

Sharknado 2 VFX: how The Asylum created CG flying man-eating sharks