Myspace phishing site discloses countless usernames and passwords

This just came in on FD, and well, I’d suggest that anyone reading this checks to make sure that no-one you know got fooled by this one.

The phishing site can be found at http://www.marcolano.com/login

All the usernames and passwords can be found here http://www.marcolano.com/login/myspace.txt

I’ve also submitted this to digg.com as it may help to get the word out there a bit more, if nothing else maybe the digg effect will take the site down before the law can. Here’s the link:

http://www.digg.com/security/Change_your_Myspace_passwords_now

  • http://aviv.raffon.net Aviv

    IE7 reports this site as “Phishing Website”.

  • http://www.xyberpix.com xyberpix

    The link above is a myspace phishing site, but the myspace.txt file is a list of growing usernames and passwords of the users that fell for it, and it’s pretty scary how fast it’s growing!

  • TylerK

    Already gone…any mirrors?

  • http://www.xyberpix.com xyberpix

    Site taken down.

  • http://networksecurity.typepad.com/ Juha-Matti

    And Firefox 2.0.0.1 reports this as a “Suspected Web Forgery” site. This alert was generated very soon after the disclosure.
    They are reading FD regularly. Fine!

  • myspacamaniac

    Maybe we can also share articles or something just to get each other updated on this. Myspace identity theft is definitely on the rise right now. I can’t just imagine how far it has actually grown. Even Tom wasn’t spared.

  • irresponsible

    you think it was right to put this on digg?

    you’re thick.

    talk about adding to the problem.

  • http://www.whiteacid.org Sid

    I heartily agree with irresponsible. Making more people aware of a problem is a bad thing and should never ever be done. Keep people ignorant so that they don’t learn from others’ mistakes.

  • xyberpix

    Actually, I do think that putting this on digg was the right thing to do, as it would have got a lot more attention than any other way. How can people who supposedly believe in Full Disclosure not actually want “Full” Disclosure? If this would have been dugg enough, then it would have accomplished a few things:

    i) Made people more aware of phishing scams

    ii) Got people to look at the list of usernames and passwords and make sure theirs wasn’t listed and if so change it.

    iii) Yes, people’s Myspace pages would’ve taken a hit on this, but still, it would have made the whole issue a lot more visible.

    iv) You’re concerned about putting this on digg, do you have any idea as to how many people are subscribed to the FD list?

  • http://www.whiteacid.org Sid

    In case you hadn’t realised, my comment was meant to be sarcastic :p

  • irresponsible

    does anyone have the figures of fd members? no

    one major source is enough.

    digg’in it is going too far.

  • sunshine

    As a friend of mine is fond of saying: what was was, was was. “The avalanche has already fallen, it is too late for the pebbles to vote.” – Kosh, Babylon 5. Meaning it is already public and “out there”, it will get abused and it will get distributed no matter what you do.
    Best thing you CAN do is help get the word out that others have this power over people, and get it resolved.
    Yes yes?

  • xyberpix

    Hear, hear!
