On November 28, 2011, an unknown hacker released over 70,000 accounts containing emails and passwords in cleartext obtained from helistin.fi, a forum site based in Finland. The first post about the leak appears on another Finnish forum site at http://ylilauta.fi/b/res/4956336.html. Later, AnonFinland announced the release in a Twitter post at https://twitter.com/#!/anon_finland/status/140963263394480128. The leak was possible due to the use of an old and insecure version of phpBB on helistin.fi, i.e. phpBB version 2.0.2.
The motive behind the leak is unclear but we do know helistin.fi is a forum mostly for discussion on topics for families with children. It is possible the leak is simply another "for the lulz" to expose the state of web insecurity in Finland. helistin.fi acknowledged the leak and has posted the news to their Facebook page. They have also brought down the website at the time of this release presumably to update passwords for all the leaked accounts. The table below is the list of these accounts.
What should you do?
Use the search box below to find out if your email is in the list. If yes, you are advised to change your password immediately if it is still in use elsewhere. For your privacy, do not enter your complete email in the search box. Try using the first part of your email instead, e.g. example instead of email@example.com.
If you wish to have your entry removed from the list below, please send an empty email to firstname.lastname@example.org with subject "helistin removal request". The removal is done automatically within 24 hours if you use the same email as the one appeared in the list. This page may be cached for up to 24 hours.
|ID||Email / Username||Password|
|A valid search term is required!|