If you have ever signed up to post comments on any of Gawker Media’s nine sites (listed below) then you should immediately log into the site and change your password. You should also change the passwords for any sites where you use the same password, since the exposed password leaves you vulnerable to attack on other sites. Here’s everything you need to know about the recent Gawker Media hack.
Who are the people behind Gnosis?
It’s been speculated that Gnosis members may be users of the 4chan message board, since Gawker had previously engaged in a feud with 4chan users, according to The Next Web. However, Mediaite has an interview with someone claiming to be a representative from Gnosis who said the group has no relation to 4chan. The person also told Mediaite that Gnosis had attacked Gawker because of the site’s “outright arrogance.”
The hackers were able to grab the e-mail addresses and password information for nearly 1.3 million Gawker users (people registered to leave comments), and the source code for Gawker Media’s custom-built content management system, according to Mediaite.
Most of the passwords were encrypted, but more than 200,000 registered commenter accounts were cracked. The hackers were also able to release a list of Gawker employee user names and passwords, including credentials for Gawker founder Nick Denton.
What is being done with the stolen information?
Some of the stolen login credentials (including the 200,000 decrypted passwords) are now part of a 500MB torrent file that is widely available for download using a BitTorrent client such as Vuze.
Which sites are affected?
This hack included credentials for all Gawker Media sites: Deadspin, Fleshbot, Gawker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, and Lifehacker.
I use the same password on Gawker as I do for my bank. What should I do?
You should make sure that every site you use (especially the more sensitive ones such as e-mail, financial accounts, and major social media services such as Facebook, MySpace, and Twitter) has a unique and difficult-to-guess password.
If you have a hard time remembering passwords, then you should also consider using a password manager such as LastPass (my personal favorite), 1Password or KeePass.
I log in to Gawker with Twitter. Am I in the clear?
No. Around midnight Monday morning, Twitter was warning users who had linked their Twitter accounts to Gawker to change their Twitter passwords. It appears some Twitter accounts are tweeting out the terms “Acai Berry” or something similar after a worm designed to send out spam infected their accounts. Twitter said this worm attack appears to be related to the Gawker incident. To protect yourself from the worm, all you have to do is change your password.
What about if I log in with Facebook Connect?
If you’ve logged in to Gawker using Facebook Connect you should not be affected, as Gawker does not have access to your Facebook login credentials.
Credential theft like this can be annoying, but it is also a part of online life. One of the best ways to protect yourself is to make sure you never use the same password on multiple sites. And never use simple passwords such as “1234” or “Password,” which apparently some Gawker users were doing.