"You have a security policy? We never noticed." So tweeted Anonymous to US military contractor Booz Allen Hamilton after members of the online activist group stole tens of thousands of encrypted military passwords from it and posted them to the Web. Although the passwords had all been encrypted and didn't appear to be geared toward email access, many examined by the AP seemed easily breakable and might conceivably be used to hack into military inboxes.
The Anonymous hackers boasted of stealing passwords linked to some 90,000 military users, although the AP counted only about 67,000 unique email addresses, of which about 53,000 carried ".mil" domains. The rest appeared to be affiliated with educational institutions or defense contractors such as Lockheed Martin or SAIC. Those exposed by the leak "should probably be changing their passwords urgently," says a rep from the Electronic Frontier Foundation. The Pentagon said in a statement that it was aware of the incident and coordinating with other federal partners on the matter. (Read more US military stories.)