Gawker passwords pilfered in server hack

Powered by SC Magazine
 

Gawker users are advised to change their passwords following a hack.

Gawker Media has admitted passwords were stolen in a hack on its user databases.

Whilst the stored passwords were encrypted, Gawker said, simple ones may still be vulnerable to a brute force attack, where constant attempts to crack the key are made until the hackers are successful.

Users have been advised to change their passwords for Gawker websites and for any other site on which they use that same password.

“We're deeply embarrassed by this breach,” a note on the Gawker website read.

“We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

Other Gawker sites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.

“We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security - and of trust,” a separate note on Lifehacker read.

“We're working around the clock to ensure our security (and our commenters' account security) moving forward.”

A group going by the name of Gnosis has claimed credit for hacking Gawker’s servers, reportedly posting a file on the Pirate Bay.

The file contained numerous passwords, including those of Gawker founder Nick Denton.

As yet, there has been no definite link between Gnosis and the Anonymous hacker group who have been going after anti-WikiLeaks services.

A related Twitter hack?

Following the Gawker compromise, hundreds of thousands of Twitter accounts were hacked as well.

Del Harvey, Twitter's director of trust and safety, said she suspected these new hacks used the same passwords as those taken from Gawker.

The hacked Twitter accounts have been used by spammers to send messages attempting to direct users to a supposed acai berry diet website.

“Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PW. A current attack appears to be due to the Gawker compromise,” Harvey wrote on her own Twitter page.

“In other words: the acai berry attack looks to be connected w/the Gawker hack rather than a worm.”

Ethical hacker Jason Hart, senior vice president at CRYPTOcard, told IT PRO hacks like the one against Gawker are becoming easier to carry out.

“With the ease of hacking and cracking passwords, there need to be additional layers of security,” Hart said.

“Encrypting passwords does not prevent brute force attacks.”

Sophos has told web users to mix up their passwords for added security.

According to a Sophos poll carried out last year, a third of respondents said they used the same passwords for all of their online accounts.

Just a fifth used different passwords for all their various accounts.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Gawker passwords pilfered in server hack
 
 
 
Top Stories
There's no coke and hookers in the cloud
[Blog post] Where did the love go?
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1034

Vote