Slashdot Mirror


Gawker Source Code and Databases Compromised

An anonymous reader writes "Passwords and personal data for 1.3 million Gawker Media readers — this includes readers of sites like Gizmodo, Lifehacker, Kotaku, and io9 — have been released as a BitTorrent by a group of hackers called Gnosis, who also managed to gain access to both the Gawker CMS and Gizmodo's Twitter account. Gawker confirms and urges readers to change their passwords: 'Our user databases do indeed appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change the password on Gawker (GED/commenting system) and on any other sites on which you've used the same passwords. Out of an abundance of caution, you should also change your company email password and any passwords that may have appeared in your email messages. We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems.'"


  1. Someone forgot to log out of the CMS... by RagingMaxx · · Score: 5, Funny

    ... on their iPhone 4, which for some reason they appear to have left at the bar...

  2. The torrent file... by Anonymous Coward · · Score: 5, Informative
    1. Re:The torrent file... by Anonymous Coward · · Score: 5, Insightful

      So I can check if my address and password were included so I know whether to go round changing them everywhere...

    2. Re:The torrent file... by zonker · · Score: 5, Informative

      Someone uploaded the database to Google's Fusion Tables for you to search for your info against:

      http://www.google.com/fusiontables/DataSource?dsrcid=350662

      Instructions for use:

      1. Get the MD5 of your email address (lowercase)
      - Online: http://pajhome.org.uk/crypt/md5/
      - Shell: $ echo -n mylowercase@email.com|md5sum
      2. Search for the hash (via Show Options)
      3. Change your password

      By the way, for Mac users like me that command won't work. Try md5 -r instead of md5sum.
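
The hashing step from the instructions above, as an added example that is not part of the original comment: it normalizes the address, hashes it without a trailing newline, and works with either `md5sum` or `md5 -r`. The function names, the local one-hash-per-line list file and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).

# md5_hex: read stdin, print only the hex digest.
# Uses md5sum (GNU/Linux) or falls back to md5 -r (macOS/BSD).
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum | cut -d ' ' -f 1
    elif command -v md5 >/dev/null 2>&1; then
        md5 -r | cut -d ' ' -f 1
    else
        echo "no md5 tool found" >&2
        return 1
    fi
}

# normalize_email: remove whitespace and lowercase the address.
# printf '%s' is used because 'echo -n' is not portable across shells.
normalize_email() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]'
}

# email_md5: the value to search for, i.e. MD5 of the lowercase address.
email_md5() {
    normalize_email "$1" | md5_hex
}

# is_listed HASHFILE EMAIL: succeed if the hash appears as a whole line
# in HASHFILE (hypothetical local list, one MD5 hash per line, any case).
is_listed() {
    h=$(email_md5 "$2") || return 2
    grep -qixF "$h" "$1"
}

# Constructed demo: a one-line list built from a made-up address.
list=$(mktemp)
email_md5 'alice@example.com' > "$list"
for addr in ' Alice@Example.COM ' 'bob@example.com'; do
    if is_listed "$list" "$addr"; then
        echo "$addr: listed"
    else
        echo "$addr: not listed"
    fi
done
rm -f "$list"
```

A plain `echo` without `-n` appends a newline to the address and produces a different hash, which then never matches the list.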

  3. Re:Goodwill? by LighterShadeOfBlack · · Score: 5, Insightful

    He's not calling what the hackers did 'goodwill', he's saying they shouldn't allow a situation to come about where the goodwill (or lack thereof) is the difference between an e-mail advising of the vulnerability and... well... this. In other words he's taking responsibility for the vulnerability in their systems instead of trying to say that it's all the evil hackers' fault for exploiting it. A refreshing change from the usual response to this kind of thing.

    --
    Spelling mistakes, grammatical errors, and stupid comments are intentional.
  4. That's not the most insecure part by The+Moof · · Score: 5, Insightful

    I find that message from Gawker amusing because they don't even secure their login form with SSL. They're concerned about the database getting stolen with unreadable passwords that might be cracked with enough time, but they turn a blind eye to the fact that authentication information is sent in the clear from the form...