Symantec, the company behind Norton Security, is warning users about a group called Team GhostShell who have been hacking websites at an alarming rates and gaining access to your sensitive information.
The group is updating their Twitter account with a running list of accounts they’ve managed to hack. The compromised data includes e-mails, phone numbers, addresses and dates of birth. Also out there in the open were passwords, some of them that seemed to have been stored in plain old text files.
This is the same group that hacked a ton of sites three years ago, exposing over 1 million accounts from banks, retail websites and government organizations.
According to Symantec, the list of hacked sites appears to be random, so it looks as if they’re just walking around looking for unlocked doors.
Below is a long list of sites, they posted on their Twitter account with some information redacted.
GhostShell takes the information they’ve stolen and does data dumps on the web where anyone can view the information. They call themselves Dark Hactivists and according to a post in the Pastebin forum “Dark Hactivism represents the process of taking conventional hacktivism to the cyber-warfare level.” Hacktivisim is when hackers believe that they are working for a greater good. However that greater good is determined by the folks doing the hacking. Three’s a pretty long manifesto about Dark Hacktivism that you can check out if you’re interested and have some time to read.
Bottom line: now more than every you need to be careful. You know to use a strong password and to also not use your password on multiple accounts. Also make use of two-factor authentication when it’s offered. Even if it’s an extra step to put in a code or answer a questions, do it. That way even if crooks get their hands on part of your password, they won’t be able to get into your account.