Nearly 3000 user accounts have been compromised on UK DJ website VisitBPM.co.uk. A user by the name of P0keu suggests that what has been posted so far is not the complete list of accounts, however, the data dump does include user names and passwords.
The data dump that has been released so far has been posted to Pastebin. P0keu apparently didn’t have much to say, but the following statement was included in the post:
Lazy as I am, I cba fixing the list.. :c
Anyway, user:pass:email of visitbpm.co.uk haff phun! :3
Curiously, it doesn’t appear that the number of accounts are exactly accurate. The first ID starts on line 13 while the last ID, 2806, appears on line 2751. If there were 2806 accounts compromised, you’d think it would end on line 2819. It seems likely that, in actuality, there was only 2738 accounts compromised if there was one account listed per line. Regardless, this is not a trivial number of accounts allegedly bing compromised nevertheless. p0keu commented on the release saying, “One DB dump of visitbpm.co.uk delivered”
It would seem advisable that users on that site should change their passwords as soon as possible.