Security Corner

Dec 26 2010   3:11PM GMT

Have You Been Gawkered?



Posted by: Ken Harthun
Tags: cyber security, Hacking, Password, Vulnerabilities

A couple of weeks ago, servers at Gawker Media, Inc., which also runs the sites Lifehacker.com and Gizmodo.com, were hacked by a group that calls itself Gnosis. Reportedly, more than 1.3 million user accounts, email addresses and passwords were obtained. The hacker group has managed to decrypt about half of the database contents and has released them as a torrent.

You might be thinking that this is no big deal; people can just change their passwords. That’s true. The problem is that many people, against my advice and that of countless other security advisers, use the same combination of user credentials across multiple sites. The only way to mitigate the risk in this case is to change credentials at every site and never use the same password more than once.

To make matters even worse, quite a few of the accounts used ridiculously simple passwords. You can find a list of the top 250 most commonly used passwords here, but in case you’re wondering, here is a list of the top 10:

 2516 123456
 2188 password
 1205 12345678
  696 qwerty
  498 abc123
  459 12345
  441 monkey
  413 111111
  385 consumer
  376 letmein

The significance of “monkey” escapes me, but I’ve seen the other ones used many times in my role as sys admin.

Here’s what Woody Leonhard of Windows Secrets recommends:

While perusing the list is entertaining, the important lesson here is about password use. For example, let’s say you posted a comment on Lifehacker a few years ago. To post the comment, you had to give an e-mail address and password — which, at this very moment, somebody might be decrypting. Now let’s say you’re sloppy and using the same password for PayPal you used for Lifehacker. If a cyber thief has the foresight to sign on to PayPal with your e-mail address and cracked password, you can kiss your PayPal balance good-bye.

If there’s the remotest chance you’ve posted a comment on Lifehacker.com or Gizmodo.com, go immediately to Duo Security’s “Did I get Gawkered” site and enter your e-mail address. If your name’s on the list, change your passwords!

To that, I would add, “and be sure they are strong passwords.”
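As an added example (not part of the original post), here is a short audit you could run over your own exported password-manager entries to find both problems described above: one password shared across several sites, and a password that appears in the top 10 list. The `(site, login, password)` entry format and the function names are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict

# Top 10 passwords from the list quoted in the post.
TOP10 = {"123456", "password", "12345678", "qwerty", "abc123",
         "12345", "monkey", "111111", "consumer", "letmein"}


def audit(entries):
    """entries: iterable of (site, login, password) tuples (assumed format).

    Returns (reused, common):
      reused: list of site groups that share one password
      common: sorted list of sites whose password is on the top-10 list
    Only site names are returned, so the report never contains a password.
    """
    by_password = defaultdict(set)
    common = set()
    for site, _login, password in entries:
        by_password[password].add(site)
        # Compare case-insensitively and ignore stray whitespace: "Letmein"
        # is no stronger than "letmein" against a cracking dictionary.
        if password.strip().lower() in TOP10:
            common.add(site)
    reused = sorted(sorted(sites) for sites in by_password.values()
                    if len(sites) > 1)
    return reused, sorted(common)


def sites_to_change(entries):
    """Every site that needs a new, unique password."""
    reused, common = audit(entries)
    flagged = set(common)
    for sites in reused:
        flagged.update(sites)
    return sorted(flagged)


# Constructed sample entries, for illustration only.
SAMPLE = [
    ("lifehacker.com", "me@example.com", "monkey"),
    ("paypal.com", "me@example.com", "monkey"),
    ("gizmodo.com", "me@example.com", "Letmein"),
    ("bank.example", "me@example.com", "x7#Qv!p2Lr9z"),
]

if __name__ == "__main__":
    for site in sites_to_change(SAMPLE):
        print("change password at", site)
```

In the sample, the Lifehacker and PayPal entries are flagged twice over (shared and common), which is exactly the scenario the Windows Secrets quote warns about.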
