X

DerpTrolling leaks PSN, 2K, Windows Live customer logins

Hacker group DerpTrolling claims to have released a "very small portion" of usernames and logins for three gaming networks in its possession as a "warning to companies".

Michelle Starr Science editor
Michelle Starr is CNET's science editor, and she hopes to get you as enthralled with the wonders of the universe as she is. When she's not daydreaming about flying through space, she's daydreaming about bats.
Michelle Starr
3 min read

Sony

DerpTrolling, the hacker group that claimed responsibility for a DDoS attack on Blizzard's servers over the weekend, has released a log of customer logins across the PlayStation Network, 2K Games and Windows Live.

"Dear Internet," the Pastebin document reads, "The following is a very small portion of Lord Gaben and the rest of his crew's glorious raids across the high seas of the Internet."

Inside are usernames and passwords for 2,131 PSN users; 1,473 Windows Live users; and 2,000 2K Games users.

The move runs contrary to the group's previous assertions that it did not want to leak customer data -- but the group has decided to change its tactics after finding that its efforts were not being taken seriously.

"We were advised by one of our friends over at RedHack to make adjustments in our operations," the DerpTrolling member said -- but noted that the move was not a show of force. "A show of force from us, would be an attack on 2K that would be very similar to our attacks on Blizzard. Like I said, DerpTrolling in no way wants to harm our children by leaking such damaging data. It's only a warning to the companies."

The group hopes that, by leaking the customer credentials, it will force companies to upgrade their servers to prevent DDoS and data hacks, resulting in better customer service. And, although the leak isn't large in the grand scheme of things, the DerpTrolling member said that the group has much more data that it didn't leak.

derp.jpg
Screenshot by Michelle Starr/CNET

"We have 800,000 from 2K and 500,000 credit card data. In all of our raids we have a total of around 7 million usernames and passwords," he said. "We have around 2 million Comcast accounts, 620,000 Twitter accounts, 1.2 million credentials belonging to the CIA domain, 200,000 Windows Live accounts, 3 million Facebook, 1.7 million EA origins accounts, etc."

He was keen to stress that DerpTrolling means business.

"There are a lot of people and fellow hackers who believe that DerpTrolling is just a bunch of kids. But the truth is we have been associated with and assisted every well known hacking group aside from The Syrian Electronic Army and LizardSquad (although we were invited to join LizardSquad)," he said.

"You heard about Anonymous knocking the entire .Mil domain offline? Well that was us! You hear of RedHack launching DDoS attacks against Turkey's government? That was us as well! You heard about LulzSec knocking gaming servers and websites offline? Well that was us too! And that was us who knocked Syria's internet offline earlier this year. DerpTrolling really has many forms, most people only see the Gaming side of us! We can be very serious hackers."

CNET has contacted Sony, Microsoft and 2K for comment and will update when we receive more information.

Update Novermber 22, 9.28am AEDT: We have been hearing reports that the leak may have been faked, either in part or full, using various methods, including repurposing customer login details leaked in previous data breaches. CNET would like to advise users still change their passwords, just in case.