Posted by: Robert Westervelt
Email addresses and passwords of more than 1.3 million registered users of Gawker Media websites have been made publicly available after a hacking group broke into the company’s servers last weekend.
Gawker websites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot. Gawker is warning users to change their account passwords and to consider changing their passwords on other websites where the same password is used. The registration information was required to leave comments on the websites.
“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” the company said on its website.
Gawker posted a detailed FAQ explaining the extent of the breach and how registered users can protect themselves. A group named “Gnosis” claimed credit for the attack and posted a file containing the passwords on several peer-to-peer networks. The stored passwords were encrypted.
“We are in the process of notifying those users who associated an e-mail address with their Gawker accounts,” the company said.
On Monday, Graham Cluley, senior technology consultant for UK-based security vendor Sophos, said the Gawker breach appears to be tied to a spam campaign on social networking site Twitter. Del Harvey, Twitter’s director of trust and safety, said the company reset passwords for compromised accounts. Those behind the spam campaign hijacked Twitter accounts that used the same password as the owner’s Gawker account.
“We … deleted updates on accounts affected by acai spam; accounts were compromised in the Gawker properties hack,” Harvey posted Monday on Twitter.