This database is fairly interesting. 73727 people in it.

The ratio of females to males is about 1.6

Average age is 27

Top ten email address domains:

    yahoo.com (24269 addresses)
    gmail.com (17805 addresses)
    hotmail.com (7518 addresses)
    aol.com (7129 addresses)
    comcast.net (1639 addresses)
    live.com (1177 addresses)
    msn.com (1079 addresses)
    sbcglobal.net (992 addresses)
    ymail.com (781 addresses)
    aim.com (698 addresses)

There's a lot more I want to graph and look at though. I especially want to see how different demographics pick different email providers. That and getting a map for zip-codes and making a heatmap of the applicants' locations then subtracting that from a population density map.

I am happy about each and every database leak that makes people aware about the issues with data-mongering. As long as I am not in one of them. Then it feels really really bad (my credentials were "stolen" (ie copied) in a customer database of a hardware shop, since then I get personalised spam and the store still has not notified the thousands of customers whose details are out there).

How do you know the data was stolen? Is it possible that they just sold your information?

They are trustworthy enough that I can rule that out. Could have been an employer of course. The list was posted online at some point. And the shop acknowledged the incident and is working with the police.

I used the quotation marks because of course the data was copied, not stolen, but the word "stolen" is usually used.

He doesn't—that's why he wrote the word "stolen" in quotation marks.

Being happy about it, as long as you aren't in the mix is pretty hypocritical.

He would only be hypocritical if he was data-mongering himself, or leaking other people's information. Instead it is a selfish attitude, since the consequences to the affected people don't matter as long as he isn't one of them.

HB Gary... Sony... Fox/X-Factor... others/more to come...

Prediction: Web security products/services will be the hot ticket for the rest of 2011-2012.

I don't think so -- people don't think of security when they think CRUD applications. What they do think about is outsourcing it to a team of 10 people that will work for $1/day on it. And then they get what they pay for.

Hire competent programmers to do important tasks and you won't be disappointed. The problem is that there aren't very many competent programmers.

I don't intend to imply that security products/services will address the problems inherent to badly architected/implemented IT systems.

Just that we can expect to see an upswing in expenditures for these sorts of tack-on products/services from CIOs seeking silver-bullet assurances from those naive about their corporate infrastructures' security exposure, or blame deflection, from those savvy about the same.

In other words, it might be a good time to start a white-hat IT security audit tools/services company.

People get pwned, dbs get dumped, and sites get defaced e'eryday. This is nothing new.

But the targets are usually not so prominent. As higher profile attacks occur, people in related companies will start to worry if they're next, and start a spending frenzy to try and prevent it (it is, of course, doubtful any product they buy will do any good).

What is the legality of downloading and posting analysis of this?

not cool...

Creds to reddit btw: http://www.reddit.com/r/netsec/comments/h62oz/x_factor_foxco...

I'm not sure creds to reddit are necessary unless the original disclosure was made there..

What does this mean? There's no useful discussion in that thread.

I assume it means that's where temptemptemp13 found the link.

Yes, I meant to point out where I found the link. Was that a bad idea?

Ah, ok. I didn't see that you were the OP. Makes sense now.