Gawker has urged users to change their passwords after a major security hole was discovered. The flaw was found and brought to Gawker’s attention. Gawker hosts about 1.5 million user accounts used for commenting on the site. Ironically, the pop culture site found out about the security hole when a hacker logged in as reporter Adrian Chen and posted about the vulnerability in a false story. That story has been removed, but management has warned users in another post (linked above), and Chen tweeted that he was not the story’s originator.
The hackers behind this, Gnosis, who have taken credit, communicated with Colby Hall of Mediaite about the hack. They say that the management and staff of Gawker have been arrogant towards the 4chan group (an anonymous network service popular amongst hackers), so they decided to bring the “Gawkmedia empire down a peg or two.”
The hackers reportedly gained access not only to usernames and passwords, but also to the site’s internet content management system (CMS) and to core data such as the media site’s core database, which includes emails. They’ve promised a press release detailing the Gawker attack today or tomorrow. They plan to release not only source code for the site, but also over a million emails, most between staffers at Gawker.
Other interesting tidbits were given as well, such as the fact that 2,650 users had the passwords “password” or “qwerty” and that a large chunk of those were registered to government email addresses (.gov, .mil, .edu).
These sorts of attacks are never fun for those embarrassed by the compromise and go to show that nothing out there is truly safe. Keeps you on your toes, that’s for sure. We should all be reminded to be mindful of our online presence at all times.