CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 13th, 2010

Gawker Media Compromised, Database With 1.3 Million Emails, Usernames And Passwords Exposed

Gawker Media is dealing with a serious security breach after hackers managed to compromise several of its servers and leaked a database of 1.3 million usernames and passwords. Gawker Media sites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.

In a network-wide announcement, Gawker warns users who have an account on any of its ten highly-trafficked blogs, which include Gizmodo, LifeHacker, Jezebel and Kotaku, that their passwords were compromised.

“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” the media company says. “We’re working around the clock to ensure our security (and our commenters’ account security) moving forward,” it adds.

A group called Gnosis took credit for the attack and it seems that its motive was Gawker’s taunting of Anonymous and 4chan members, which at one point it called “script kiddies.” “Previous attacks against the target were mocked, so we came along and raised the bar a little,” Gnosis said. “You wanted attention, well guess what, You’ve got it now!” it added.

Gnosis notes that the hacked database contained the login details of 1.5 million users, of which 1.3 million were copied and leaked online.

The problem is the data didn’t contain only usernames and passwords, but also email addresses, making it a dream come true for spammers.

In addition, the algorithm used to encrypt the passwords is weak and can be cracked rather easily. In fact, hackers have already done this for a number of accounts including those of Gawker editors.

Previous incidents of this type have shown that a lot of people use the same password for all or most of their online accounts. It’s therefore fair to assume that decrypting the Gawker passwords will give hackers access to many of the listed email accounts.

“You should immediately change the password on your account, and if you used that password on any other web site, you should change your passwords on all of those accounts as well,” Gawker advises in a FAQ about the incident.

It also seems that the compromise was much more extensive than the user database and involved Gnosis obtaining access to other Gawker data as well, such as 4 GB of internal chat logs, FTP passwords and confidential emails.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • DeviantART Members Emails Leaked By Marketing Partner Silverpop Systems
  • Trapster.com User Emails And Passwords Might Have Been Compromised
  • PlentyOfFish Resets User Passwords After Registration Details Theft
  • RockYou.com SQL Injection Flaw Exposes 32 Million Accounts Passwords
  • The Pirate Bay Compromised, Hacker Swipes Details Of 4 Million Users

    • Posted in Breaches And Incidents, Cybercrime, Data Theft, Hacked, Privacy, Targeted Attacks | Print This Post Print This Post

    This entry was posted on Monday, December 13th, 2010 at 6:14 am and is filed under Breaches And Incidents, Cybercrime, Data Theft, Hacked, Privacy, Targeted Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Gawker Media Compromised, Database With 1.3 Million Emails, Usernames And Passwords Exposed

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »