Gawker comment DB hacked.


posted on Dec, 12 2010 @ 09:45 PM


www.mediaite.com

Yesterday Gawker Media denied reports that their database of 1.5 Million usernames, emails and passwords had been hacked. Comments broadcast via the apparently compromised Twitter feed of Gawker Media’s tech and gadget site Gizmodo strongly suggested a security compromise.

Update #2 – Data has been shared and Gawker’s CMS has been hacked as well.
(visit the link for the full news article)



posted on Dec, 12 2010 @ 09:45 PM
Oh dear. If you use Gawker, Gizmodo or Lifehacker you better change your passes. Oh, they are being shared on the chans by the way.


"I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our group's mission? We don’t have one."


What it seems to be over below


Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)




posted on Dec, 12 2010 @ 10:27 PM
All I got to say is this...

We are the Elite





posted on Dec, 13 2010 @ 04:28 AM
www.google.com...



These are NOT password hashes, these are MD5s of the EMAIL addresses, so folks can see if they are affected without having to grab the torrent.

You should probably NOT change your gawker account password until they fix their security, but DO make sure that this password is not used elsewhere
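The self-check described in the post above, as an added Python example that is not part of the thread or of the lookup tool it links to. The function names and sample addresses are constructed, and because the page does not say how the list's publisher normalized addresses before hashing, the check tries the common forms (as typed, trimmed, trimmed and lowercased).

```python
import hashlib
import re

HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample list: two MD5-of-email digests plus lines a real
# published list might also contain (a comment and a malformed entry).
SAMPLE_LIST = "\n".join([
    "# constructed sample, not real leak data",
    hashlib.md5(b"alice@example.com").hexdigest(),
    hashlib.md5(b"bob@example.org").hexdigest().upper(),
    "deadbeef",
])


def load_digests(text):
    """Return the set of well-formed MD5 hex digests found one per line."""
    digests = set()
    for line in text.splitlines():
        token = line.strip().lower()
        if HEX32.match(token):
            digests.add(token)
    return digests


def candidate_digests(email):
    """MD5 digests of the address under each assumed normalization."""
    trimmed = email.strip()
    forms = {email, trimmed, trimmed.lower()}
    return {hashlib.md5(f.encode("utf-8")).hexdigest() for f in forms}


def is_listed(email, digests):
    """True if any normalized form of the address appears in the list."""
    return not candidate_digests(email).isdisjoint(digests)


if __name__ == "__main__":
    published = load_digests(SAMPLE_LIST)
    for addr in ("  Bob@Example.org ", "carol@example.net"):
        status = "listed" if is_listed(addr, published) else "not listed"
        print(f"{addr.strip()}: {status}")
```

The address is hashed locally and only digests are compared, so the check needs neither the leaked dump nor any password.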



posted on Dec, 13 2010 @ 07:52 AM
reply to post by aivlas
 


Yep... Hdmoore set this up so you can check to see if you are affected....

Hdm is a good guy





posted on Dec, 13 2010 @ 03:01 PM
Yep, my password is out there. But when I downloaded the torrent, one of my old accounts had their password sort of encrypted or with a bunch of characters that don't mean anything.



posted on Dec, 13 2010 @ 03:13 PM

Firstly, the "1.3 million passwords" figure is a little bit of a misnomer. There are a bunch of files floating around the torrent sites, one of which is, indeed, a "full" database dump of usernames, encrypted passwords, and e-mail addresses. That file is 1,247,894 lines. Trouble is, the raw data isn't normalized at all, and so there are actually right around a half million e-mail addresses, and something close to ~200k complete username + password + e-mail address credentials. That all said, the data most people are actually looking at today is 188,281 credentials strong, which is the pre-cracked list of credentials distributed with the drop (one exception are the guys at Duo Security, who are cracking the DES-encrypted passwords independently).


blog.metasploit.com...



posted on Dec, 15 2010 @ 02:48 AM
Bottom line is.. If you know someone's email address or their common user name? You can check this db for it, and .. well let's just say, I have not yet encountered one I've tested that has NOT used the same password.

So, I've changed my gmail password, but as it is ultimately one of a number of 'throwaway' accounts, I am not so concerned. I don't even remember registering to any of these services.. ha.

But the average dude/dudette who uses the same password, username, email address for everything, you've got a lot of work to do because people are not just checking the systems targeted.... any forum, online service etc, that you have used an email or username that can be found in Google, and if you use the same password...

may as well open the doors and windows to your house too


Hopefully it's a lesson to both slack server admins who think they are so cool, and the average user who thinks 'password' or 'qwerty' or '123456' is a groovy password on every site they log into..



posted on Dec, 15 2010 @ 02:54 AM

Originally posted by DuneKnight
Yep, my password is out there. But when I downloaded the torrent, one of my old accounts had their password sort of encrypted or with a bunch of characters that don't mean anything.


Hashed. Nothing one person with enough time and enough motive would not breeze through.

Unless you use that account on multiple services, I'd just change it and forget about it. Unless you're someone special out there in cyber land, there will be very little interest in being you on an old account.



posted on Dec, 15 2010 @ 02:57 AM

Originally posted by aivlas
www.google.com...



These are NOT password hashes, these are MD5s of the EMAIL addresses, so folks can see if they are affected without having to grab the torrent.

You should probably NOT change your gawker account password until they fix their security, but DO make sure that this password is not used elsewhere



They leaked both hashed and revealed usernames, email addresses and passwords.

Sure, wait for them to update their security, but by all means also change your password if you use it multiple times on any other service.

One person I tested and found online was open on at least 4 different forums.

Out of all those accounts, just think how many are going to be abused that link to Facebook, Twitter, etc...

A Lot!



posted on Dec, 15 2010 @ 03:04 AM
I read a hacked password list a few years ago and it's amazing how many people use simple passwords, passwords that are almost like their e-mail, their real name, their city, etc.. a lot of the passwords are the same too.

I have numbers, letters and alternating capitals.



posted on Dec, 15 2010 @ 03:11 AM
reply to post by badw0lf
 


Dude, please learn to read or think through your replies before writing them. That list is hashed emails so people can check to see if they are affected, that is all, and yes, people aren't going to want to pretend to be non staff online, but they now have a giant list of accounts to spam with.






