Gawker Media said on Monday that its servers had been hacked over the weekend, and that user account names and passwords were stolen. The company is warning that login information for commenter accounts at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot have been potentially compromised.
Passwords for about 200,000 registered users were taken by a group calling itself Gnosis and are now available at ThePirateBay. The passwords were encrypted, but are already being cracked.
All Your Passwords Are Belong to Us
“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” Gawker said.
According to The Next Web, Gnosis also made off with Gawker staff account information, and private internal company conversations.
Gawker is advising all commenters with Gawker Media accounts at all of its properties to change their passwords, and if they use the same password for other online accounts, to change those passwords, too. Commenters that register with their Facebook and Twitter accounts weren’t affected because Gawker’s servers don’t store those passwords.
Users that want to delete their Gawker Media accounts are currently out of luck, although the company said it is working on adding a way for users to kill their accounts.
The company said it’s now in the process of improving site security, but didn’t say how long it will take before changes are in place.