Was the exposed data encrypted?
No. LulzSec said all of the data it downloaded was unencrypted. User IDs and passwords were sitting in the database as plain text (".txt") files.
Who is LulzSec?
LulzSec (Lulz Security) is a hacker group (or possibly just one person) responsible for a number of recent intrusions into corporate servers. The group broke into a Sony site based in Japan, Fox.com and the recent PBS hack that included posting a fake news item to PBS.org proclaiming rapper Tupac Shakur was still alive.
As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes. But that doesn't mean others won't capitalize on security flaws exposed by the online pranksters.
Is 2011 the Year of the Malicious Hacker?
It sure looks that way with the recent Gmail hack that Google blames on China, the LulzSec break-ins, and a rash of other intrusions such as the RSA SecurID breach and the Sony PSN hack. But keep in mind that many of these intrusions are the result of companies and users failing to follow basic security measures.
The Gmail hack appears to be the result of luring people to a phishing site. EMC, the company behind RSA Security said it was the victim of an "extremely sophisticated cyber attack." But I don't see what's so "extremely sophisticated" about a hacker tricking someone into downloading a malicious Excel document via email. Malicious email downloads are one of the oldest malware tricks in existence.
With hackers becoming more emboldened to attack corporate sites, corporations need to do a better job of safeguarding user data. A good start would be to watch out for basic SQL injection techniques, encrypt databases filled with personal information, and provide an HTTPS connection for their users whenever possible. These three basic things would go a long way to thwarting the shenanigans of groups like LulzSec. You can never be 100 percent immune from intrusions, but that's no excuse for failing to follow even the most basic security precautions.