@K1ndred_ leaks 4000 game accounts

Its been a while since we have seen a release from @K1ndred_, the last one being the 19,000 FORCOM Accounts, Today they have a fairly big dump of 4000 decrypted accounts. This comes from a text based game ( unsure which one ) and has all emails/passwords and the original encrypted password and a little release note, few hours before hand they hinted that something was on the way with the comment "New booty will arrive very soon on one of my vessels".

K1ndred_ Kindred  New booty will arrive very soon on one of my vessels :>. #lulz K1ndred_ Kindred And here is some new booty ^^. The file contains over 4k passwords. Learn to secure silly game ;)... mir.cr/17S4MH9S #lulz #antisec

@K1ndred_ has said in the release it only took them 5minutes to get access and find lots of XSS and SQLi vuns. Anyways heres the release notes:

Hello everyone again, Some months ago I passed through a series of forums just to check them out, to see if they were secure. Suddenly I bumped onto this text-based, turn-based game. So why not test them? 5 minutes later, I got in, the admins only hashing the passwords of the user once and multiple SQLi's and XSS vulnerabilities. So here is part of my booty ;). It contains all the passwords I de-hashed and their hashes. Also the usernames and emails belonging to those accounts. The file contains over 4k details! Learn 2 secure peeps... Enjoy peeps! K1ndred_ (https://www.twitter.com/K1ndred_)

Leak: https://www.mirrorcreator.com/files/17S4MH9S/

Lee Johnstone

Lee Johnstone

Information Security Data Analyst, Investigative Journalist, Technology Lover, Mechanic.

Read More