Gawker passwords pilfered in server hack

Gawker users are advised to change their passwords following a hack.

Data security

Gawker Media has admitted passwords were stolen in a hack on its user databases.

Whilst the stored passwords were encrypted, Gawker said, simple ones may still be vulnerable to a brute force attack, where constant attempts to crack the key are made until the hackers are successful.

Users have been advised to change their passwords for Gawker websites and for any other site on which they use that same password.

"We're deeply embarrassed by this breach," a note on the Gawker website read.

"We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us."

Other Gawker sites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.

"We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security - and of trust," a separate note on Lifehacker read.

"We're working around the clock to ensure our security (and our commenters' account security) moving forward."

A group going by the name of Gnosis has claimed credit for hacking Gawker's servers, reportedly posting a file on the Pirate Bay.

The file contained numerous passwords, including those of Gawker founder Nick Denton.

As yet, there has been no definite link between Gnosis and the Anonymous hacker group who have been going after anti-WikiLeaks services.

A related Twitter hack?

Following the Gawker compromise, hundreds of thousands of Twitter accounts were hacked as well.

Del Harvey, Twitter's director of trust and safety, said she suspected these new hacks used the same passwords as those taken from Gawker.

The hacked Twitter accounts have been used by spammers to send messages attempting to direct users to a supposed acai berry diet website.

"Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PW. A current attack appears to be due to the Gawker compromise," Harvey wrote on her own Twitter page.

"In other words: the acai berry attack looks to be connected w/the Gawker hack rather than a worm."

Ethical hacker Jason Hart, senior vice president at CRYPTOcard, told IT PRO hacks like the one against Gawker are becoming easier to carry out.

"With the ease of hacking and cracking passwords, there need to be additional layers of security," Hart said.

"Encrypting passwords does not prevent brute force attacks."

Sophos has told web users to mix up their passwords for added security.

According to a Sophos poll carried out last year, a third of respondents said they used the same passwords for all of their online accounts.

Just a fifth used different passwords for all their various accounts.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Telegram bots are out to steal your one-time passwords
hacking

Telegram bots are out to steal your one-time passwords

30 Sep 2021
What makes a password secure?
Sponsored

What makes a password secure?

28 Sep 2021
Eight steps to fight ransomware
Whitepaper

Eight steps to fight ransomware

28 Sep 2021
Robust password policies cut cyber attacks by 60%
cyber security

Robust password policies cut cyber attacks by 60%

13 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021