On November 5, 2012, @m4rl4_12 released over 40,000 accounts containing emails and passwords hashed with MD5. The accounts belong to users on unclesam.de, an online sportswear retailer based in Germany. Following a quick analysis of the dump, we found 60% of the hashed passwords were unsalted and the remaining hashed passwords were salted. This may suggest an incomplete upgrade of the password storage scheme for the website. The release of the dump was announced by m4rl4_12 in a Twitter post at https://twitter.com/m4rl4_12/status/265382927821586432. Judging from the release date, the attack may have been launched by the hacker as part of the long-awaited #Nov5 campaign by Anonymous to declare "cyberwar" against organizations around the world. The owner of unclesam.de does not appear to have posted any notice on the website itself to explicitly inform the affected users.
What should you do?
Use the search box below to find out if your email is in the list. If yes, you are advised to change your password immediately if it is still in use elsewhere. For your privacy, do not enter your complete email in the search box. Try using the first part of your email instead, e.g. example instead of email@example.com.
If you wish to have your entry removed from the list below, please send an empty email to firstname.lastname@example.org with subject "unclesam removal request". The removal is done automatically within 24 hours if you use the same email as the one appeared in the list. This page may be cached for up to 24 hours.
|ID||Email / Username||Password|
|A valid search term is required!|