The group announced the hack through Twitter handle LulzSec, or The Lulz Canon, featuring a stick figure in a top hat, monocle and twirly moustache. The group also hacked the Twitter account of Fox15 TV before releasing a few bawdy tweets.
The same hackers were behind the theft of names, phone numbers and email addresses of 73,000 people who had applied for information on auditions for the U.S. edition of Simon Cowell’s talent show The X-Factor, to be broadcast on Fox television – this information was taken together with the Fox.com employee details in the same attack. Earlier this week the group posted the X-Factor list of names as a text file on Pirate Bay. A spokeswoman for Fox did not wish to comment on the matter.
One of the Tweets from hacker group LulzSec:
The group was unclear about why they were attacking Fox, saying there were different motivations among its members. They added that LulzSec was not part of Anonymous, a larger hacktivist and trolling collective that claimed responsibility for cyber attacks on HBGary Federal, MasterCard and PayPal, though its members have participated in some of these previous operations.
A tweet earlier today from LulzSec’s Twitter account invited supporters of Anonymous to join in its shenanigans. And in a public letter which appears to rally support from the disparate strands of Anonymous and elsewhere, the group wrote:
We don’t like you very much. As such, we cordially invite you to kiss our hand-crafted crescent fresh asses.
Remember that time we leaked all your X-Factor contestants? http://thepiratebay.org/torrent/6372763/X_Factor_Leaked_Contestants_Database
Well now we’re leaking some more of your junk. We invite the Internet to ravage the following list of emails and passwords (from a database within Fox.com) – Facebook, MySpace, PayPal, whatever you can get your hands on. Take from them everything. Remember to proxy up, or tunnel like a pro!
Follow us on twitter; we’re owning more things next week. Kisses!
All the best,
One of the group’s members said they manually went through all 364 lines of employee passwords to test them on LinkedIn accounts, then defaced the ones that shared the same password by replacing their profile picture with the LulzSec stick man. The 16 compromised LinkedIn profiles have since been taken down.
The main attack happened on April 19 when a group of four hackers searched Fox.com’s servers for vulnerabilities. By the time Fox.com’s IT administrators noticed the breach, a week had gone by and the hackers had taken information from several databases. One said they were still trawling through the data and were planning to leak more in the coming days, “probably more user login info.”
They hinted at their next target in a Tweet earlier today: “What’s next you ask? #FuckFBI.”
“They will not be happy bunnies lol,” the hacker added.
by Parmy Olson