21,485 clear text passwords exposed, allegedly stolen from Billabong

Darren Pauli reports:

More than 21,000 clear text passwords have been stolen from Australian surfwear icon Billabong and published online.

The breach has yet to be confirmed. SC has notified the company’s IT desk and provided a link to the codepaste site where the details were uploaded.

Billabong was previously unaware of the breach.

Hacktivists released the credentials under #WikiBoatWednesday, an event popular in hacktivist Twitter circles where groups publish stolen data caches online.

Read more on SC Magazine.

In related coverage, Dan Goodin reports:

Hackers dumped another huge cache of stolen passwords, this time exposing what they said are as many 35,000 plaintext passcodes from the website of clothing maker Billabong International.

A post on CodePaste.net claimed 20,000 to 35,000 user names and corresponding passwords were retrieved in the hack of billabong.com. But the post included only 1,435 plaintext user credentials and didn’t explain the discrepancy. Australia-based Billabong provides the accounts to customers to make frequent online purchasing more easy. The post also included what it claimed were user names and hashed passwords for MySQL accounts used to administer the site.

Read more on Ars Technica.

About the author: Dissent