Following last week’s release of the X Factor 2011 contestant database on BitTorrent, The Lulz Boat (LulzSec on Twitter) has today released the passwords and email addresses of dozens of FOX employees.
Other files uploaded by LulzSec today suggest that the data may have been obtained through a hidden PHP script planted on fox.com, which allowed unauthorised access to a live production database. The attackers also listed the locations and partial content of several PHP configuration files on the server.
Earlier this week, two FOX Twitter accounts were also compromised. Both FOX UP and Fox 15 were hacked, presumably by LulzSec:
LulzSec also claimed to have hacked into 14 LinkedIn accounts belonging to FOX staff. The addresses of the affected accounts were posted on Pastebin.com on Monday, but the profiles have since been taken down.
LulzSec deny being vigilantes, cyberterrorists, or having any political motives. They say “we do it for the lulz” – an expression made popular by a FOX11 news report from 2007, which is often mocked for its inaccurate portrayal of the group Anonymous. Sven Slootweg, owner of AnonNews.org, described the FOX11 report as “complete nonsense” and told Netcraft that it had “spawned a ton of memes”.