Over 4,500 logins have been published on a 77 page document on a shared content website.
Chris Boyd, malware researcher at Sunbelt Software, claimed that as Scribd allows users to share written content online, converting PowerPoint, PDFs and Word documents into web documents that can be viewed through sites such as Facebook and other social networking services, it was inevitable that a scammer would decide to use such a service for foul means.
He detected that a little over 4,500 mail logins (mostly from .ru domains, and possibly used for a .ru social networking site) in the form of a 77-page text document for anybody to download and plunder was uploaded to the site. At the time of writing, the document had been viewed 94 times and by the time it was deleted, that figure had increased to 152.
He said: “Interestingly, the account behind the upload is still busy posting utterly random content – everything from technical documents and videogame commands to what look like job advertisements, lists of cameras and descriptions of GIMP plug-ins (there's even a manual for Warhammer 40 000 lurking in there somewhere).”
With 970 uploads, the account was up to 1,308 with fresh (and entirely random) uploads appearing constantly, possibly by an automated process.
Boyd also pointed at a Russian forum, where victims noticed an increase in spam coming from their account, and a web search saw their stolen logins sitting on the Scribd page.
“Unfortunately there's no indication if their login was claimed through an infection or a phish, but whether the uploader is someone trying to make stolen logins ‘sociable' or some kind of automated bot gone awry there's an awful lot of compromised accounts being put up for grabs,” said Boyd.