Lulz Security has published the usernames and passwords for the personal email accounts for 62,000 people.
The email login credentials are contained in 2Mb text file, which at the time of writing was still available for download on hosting platform Mediafire.
According to the hacking group, the email accounts were collected from a variety of sources. "These are random assortments from a collection, so don’t ask which site they’re from or how old they are, because we have no idea," the group said in a message at the top of the downloadable text file.
The LulzSec twitter feed was instantly flooded with tweets from users claiming to have used the logins to access Facebook, PayPal and Amazon accounts. Christian Olesen, a Danish blogger at lithin.com, tweeted, "Mail account with tax exempts (SS# [social security numbers] and all) on an entire family," at the Lulzsec twitter account to demonstrate a successful login.
The list contains numerous .gov accounts, including some from Illinois, US; Prince Edward Island, Canada; Kentucky, US and four from Nasa.
Publishing the email credentials places the account holders at risk of credit card and identity theft, social engineering and even extortion.