LONDON Members of the online activist group Anonymous stole tens of thousands of encrypted military passwords from U.S. contractor Booz Allen Hamilton and posted them to the Web, the hackers said Monday.
Although the passwords had all been encrypted and didn't appear to be geared toward email access, many examined by The Associated Press seemed easily breakable and might conceivably be used to hack into military inboxes.
Chris Palmer of the Electronic Frontier Foundation said those exposed by the leak "should probably be changing their passwords urgently."
U.K. hacking suspect has autism, lawyer says
In a statement posted to the Web, the Anonymous hackers boasted of stealing passwords linked to some 90,000 military users, although The Associated Press counted only about 67,000 unique email addresses, of which about 53,000 carried ".mil" domains.
The rest appeared to be affiliated with educational institutions or defense contractors such as Lockheed Martin Corp. or SAIC.
The Pentagon said in a statement that it was aware of the incident and coordinating with other federal partners on the matter. It didn't immediately respond when asked whether affected personnel had been ordered to change their passwords.
Booz Allen posted a message to the micro-blogging site Twitter shortly after the hack was announced, saying that its security policy meant it didn't usually comment on threats or attacks against its systems.
The hackers taunted the company in response.
"You have a security policy?" they said. "We never noticed."
A spokesman for the Booz Allen Hamilton Holding Corp. did not offer any further comment.