Gawker passwords pilfered in server hack

Gawker users are advised to change their passwords following a hack.

Gawker Media has admitted passwords were stolen in a hack on its user databases.

Whilst the stored passwords were encrypted, Gawker said, simple ones may still be vulnerable to a brute force attack, in which hackers keep making attempts to crack the key until they succeed.

Users have been advised to change their passwords for Gawker websites and for any other site on which they use that same password.

"We're deeply embarrassed by this breach," a note on the Gawker website read.

"We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us."

Other Gawker sites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.

"We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security - and of trust," a separate note on Lifehacker read.

"We're working around the clock to ensure our security (and our commenters' account security) moving forward."

A group going by the name of Gnosis has claimed credit for hacking Gawker's servers, reportedly posting a file on the Pirate Bay.

The file contained numerous passwords, including those of Gawker founder Nick Denton.

As yet, no definite link has been established between Gnosis and the Anonymous hacker group, which has been going after anti-WikiLeaks services.

A related Twitter hack?

Following the Gawker compromise, hundreds of thousands of Twitter accounts were hacked as well.

Del Harvey, Twitter's director of trust and safety, said she suspected these new hacks used the same passwords as those taken from Gawker.

The hacked Twitter accounts have been used by spammers to send messages attempting to direct users to a supposed acai berry diet website.

"Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PW. A current attack appears to be due to the Gawker compromise," Harvey wrote on her own Twitter page.

"In other words: the acai berry attack looks to be connected w/the Gawker hack rather than a worm."

Ethical hacker Jason Hart, senior vice president at CRYPTOcard, told IT PRO that hacks like the one against Gawker are becoming easier to carry out.

"With the ease of hacking and cracking passwords, there need to be additional layers of security," Hart said.

"Encrypting passwords does not prevent brute force attacks."

Sophos has told web users to mix up their passwords for added security.

According to a Sophos poll carried out last year, a third of respondents said they used the same passwords for all of their online accounts.

Just a fifth used different passwords for all their various accounts.
