December 13, 2010

Gawker Confirms Hacking; Calls For Password Changes

Gawker Media is advising subscribers to change their passwords after the website's user database was hacked over the weekend.

"Our user databases appear to have been compromised," officials from the media conglomerate said in a statement posted online. "The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords."

"We're deeply embarrassed by this breach," they added.

In a related post on Gawker-owned website Lifehacker, the company said that their Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot websites were affected, and that a group referring to themselves as 'Gnosis' had claimed credit for the cyberattack.

According to BBC News reports, the attack allowed spammers to assume control of thousands of Twitter accounts, which were then used to send spam messages through the micro-blogging website. Furthermore, the Gnosis group released a 500MB file via the BitTorrent file-sharing system, which reportedly contained the information stolen from the network of entertainment websites.

No motivation for the attack was given, but according to the Associated Press (AP), Securosis CEO Rich Mogull said that the group could have been out for bragging rights. Furthermore, the AP says, "the attacks probably are unrelated to recent cyberspace attacks over the WikiLeaks site's release of classified government documents, but Gawker could have angered some of the same people."

Last week, supporters of WikiLeaks referring to themselves as 'Anonymous' launched a series of attacks on websites of companies who broke ties with the website after it posted thousands of sensitive or secret US government cables. Among the group's targets were MasterCard, Visa, PayPal, and the Swiss prosecutor pursuing rape and molestation charges against WikiLeaks founder Julian Assange.

As for Gawker, in their Lifehacker statement they said that they were going to employ "an independent security firm to improve security across our entire infrastructure" and that they would "continue to work... with independent auditors to ensure we maintain a reliable level of security, as well as the processes necessary to ensure we maintain a safe environment for our commenters."

