Gawker Media Hacked, User Passwords Stolen


Gawker Media said on Monday that its servers had been hacked over the weekend, and that user account names and passwords were stolen. The company is warning that login information for commenter accounts at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot has been potentially compromised.

Passwords for about 200,000 registered users were taken by a group calling itself Gnosis and are now available at ThePirateBay. The passwords were encrypted, but are already being cracked.

All Your Passwords Are Belong to Us

“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” Gawker said.

According to The Next Web, Gnosis also made off with Gawker staff account information, and private internal company conversations.

Gawker is advising all commenters with Gawker Media accounts at any of its properties to change their passwords and, if they use the same password for other online accounts, to change those passwords, too. Commenters who register with their Facebook and Twitter accounts weren’t affected because Gawker’s servers don’t store those passwords.

Users who want to delete their Gawker Media accounts are currently out of luck, although the company said it is working on adding a way for users to kill their accounts.

The company said it’s now in the process of improving site security, but didn’t say how long it will take before changes are in place.

7 Comments

jfbiii

They got a lot more than commenters’ emails and passwords: Forbes details extent of Gawker hack.

Honestly, this couldn’t have happened to a creepier group.

Nemo

What can one say about Gawker, the parent website Gizmodo, which improperly acquired Apple’s top secret prototype iPhone 4?  It is karma. It is a richly deserved case of what goes around comes around.  What can one say but that one hopes Gawker’s troubles will teach it some necessary lessons about the importance of obeying just law and of behaving ethically.

Lee Dronick

“It is karma. It is a richly deserved case of what goes around comes around.”

I hope that the hackers also get their karma.

Bosco (Brad Hutchings)

While you guys all ponder about karma, what makes Gawker sites most interesting to many is the comment system. Gawker and their sites will go on just fine. But the ones who are screwed the most are the commenters, especially if they used weak or common passwords. With this database, people so inclined can probably recover 20% - 30% of the actual passwords used, and tie them to account names and email addresses, that they might then be able to apply across the Internet. Some number of them will most certainly be using the same passwords for social sites as they do for financial sites.

People at risk use the same short password (6 - 8 characters) at many sites they visit. If you used a clever enough password, an attack on DES encrypted hash might not recover the original and would only recover something useful on a system that hashed passwords exactly like Gawker. But if you used an unclever password, you could be hosed in short order.

Lee Dronick

Do you want a HackyMeal? McDonald’s Hamburgers also got hacked.

Nemo

Sir Harry you are right that the hackers should also be brought before the courts and be made to pay under federal and state law for their criminal vandalism.  And, of course, Bosco is right in saying the innocent victims of that criminal vandalism deserve our sympathy and support.

But now it should be clear to all, especially Gawker and Bosco, that lawless behavior takes us to a vicious world of chaos and injustice. Gawker thought that it could ignore the law in pursuit of profits and the lust of gossip, yet, when others ignore the law for their own purposes to attack Gawker, it is easy to see everyone, innocent or not, suffers.

It is high time that Gawker recognizes that obedience to just law and ethical behavior is the necessary price that we all must pay for an orderly, secure, free, and prosperous world.  Gawker can’t expect, nor will have, such a just world, where it promotes the theft of others’ property and the ignoring of others’ legitimate confidences.

Lee Dronick

This story prompted me to change my online banking password to one that is even more complicated than the one that I was using.
