Security Bytes

Dec 14 2010   2:14PM GMT

Gawker data breach exposes passwords, email addresses

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

Email addresses and passwords of more than 1.3 million registered users of Gawker Media websites have been made publicly available after a hacking group broke into the company’s servers last weekend.

Gawker websites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot. Gawker is warning users to change their account password and consider changing passwords to other websites if they are used for multiple accounts. The registration information was required to leave comments on the websites.

”We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” the company said on its website.

Gawker posted a detailed FAQ explaining the extent of the breach and how registered users can protect themselves. A group named “Gnosis” claimed credit for the attack and posted a file containing the passwords at several peer-to-peer networks. The stored passwords were encrypted.

“We are in the process of notifying those users who associated an e-mail address with their Gawker accounts,” the company said.

On Monday, Graham Cluley, senior technology consultant for UK-based security vendor Sophos, said the Gawker breach appears to be tied to a spam campaign on social networking site Twitter. Del Harvey, Twitter’s director of trust and safety, said the company reset passwords to compromised accounts. Those behind the spam campaign hijacked Twitter accounts that used the same Gawker password.

“We … deleted updates on accounts affected by acai spam; accounts were compromised in the Gawker properties hack,” Harvey posted Monday on Twitter.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: