Sunday, December 12, 2010

ALERT: Nightmare for Gawker Media and Possibly YOU

The websites belonging to Gawker Media have been hacked and the hackers have gained access to the passwords of commenters at the site.

It appears that all Gawker sites have stopped publishing new material.

According to NYT, the hackers published the passwords of some Gawker staff members and mockingly identified thousands of users who had listed their password as “password.”

On Twitter, one of the bloggers for Jezebel, a Gawker Media site, wrote, “I’d write a post about how we’ve been hacked and can’t publish, but we’ve been hacked and can’t publish.”

At its flagship site, the following statement was posted:

Commenting Accounts Compromised — Change Your Passwords

Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords.

We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us. For tips on creating strong passwords, see this post on Lifehacker.

To change your password on Gawker, click your username at the top of the page and choose the "Password" link towards the middle of the next page.

Bottom Line: If you have ever commented at any of the below Gawker Media sites, consider yourself hacked, and your password in the hands of the hackers.

  • Gawker

  • Jezebel

  • Gizmodo

  • Lifehacker

  • Deadspin

  • io9

  • Kotaku

  • Jalopnik

UPDATE: Sad but true, S.M Oilva emails:

    The FTC will have a field day with this. They're pouncing on any excuse to give themselves more power over website "privacy" issues.

    Gawker's in for a visit from Chairman Leibowitz and company.


    1. Really shocking news share. I can't believe that hackers are too sharp and they are also trying to hack popular sites.

    2. I started an ISP in 1990. I bought a computer from Dell and put Solaris 386 on it. It is private property in my basement. The USG has no rights with regard to it absent infringement of law. I leased a high speed line from Bell Atlantic, they were available to anyone with the cash. I paid UUNET at the other end of my line to take my internet traffic and exchange it with other high level providers, a service available from countless other suppliers. I put in phone lines and modems and sold people user accounts on my server. What about this justifies "regulation" any more than a magazine or newspaper? TV and radio are regulated because of scarce airwaves. Telephone is regulated because of natural monopoly of running wires into your home. But Internet is just a voluntary connection of computers. There is nothing that justifies regulation. Our new unlimited government.

    3. I propose that the USG start another Internet, one with all the regulations and protections it desires. It would not cost much, a few rented rooms in NYC and LA could be the exchange points. A couple super Cisco routers and anyone can come in and connect to each other on the new USG Internet. As long as they do not connect to the existing network, it will be an independent duplicate of the Internet for anyone who selects it. I'm not that strong on the technology but I believe it could be done with no hardware at all: just program the existing Cisco routers to not exchange routing tables between two discrete networks, i.e., if you are connected to the public unregulated internet your computer will never see the routes to connect to the USG Internet and vice versa. A USG Internet user will never get one packet of data from the dangerous unregulated Internet. Let's see which net the world prefers to use: the unregulated wild west or the improved USG Internet. As a necessary corollary, people could create another independent Internet and migrate over if regulation becomes burdensome. Of course all the laws are written so generally they cover not only the existing net but any attempt to link private computers. I'll bet you private machines exchanging email by uucp (unix to unix copy) over 1200 baud modems (or even mailed 1.44 MB 3 1/2 inch disks) will be covered by any Internet regulation.