As seems to be the norm lately, Gawker was hacked and taken down this weekend by a group with loose ties to 4chan, the Internet equivalent of a pirate island. All Websites under the Gawker Media brand–Lifehacker, Gawker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, Fleshbot, Deadspin–were affected by the attack as well. 1.5 million usernames and passwords were compromised in the attack. After taking over the Gawker site, the hackers who call themselves “Gnosis” published the passwords of site staff members and published a long list of users whose password was “password.” Having a good time, the hackers shared bits and pieces of Gawker’s custom CMS source code as well.
Below is a quote from one of the hackers, posted on Mediaite.
“We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database. We found an interesting quote in their Campfire logs:
Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After
Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012
I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our groups mission? We don’t have one.
We will be releasing the full source code dump along with the database at 9PM GMT today. You are the only outlet we have told the release time.”
While initially denying the attack, Gawker has issued an apology to its users on all of its sites, urging them to change their passwords because of the attack. Though passwords were encrypted, simple passwords (such as “password”) may be cracked by group, which has a complete copy of the entire account database.
“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” said Lifehacker. “We’re working around the clock to ensure our security (and our commenters’ account security) moving forward. We’re also committed to communicating openly and frequently with you to make sure you understand what has happened, how it may or may not affect you, and what we’re doing to make sure this never happens again.”
If you have ever commented on any of the Gawker sites, we recommend that you go and change your password. What do you think of this rise of Internet hacking groups? Is it better when hacking is done in the dark or when it’s out in the public like this and Operation Payback?
- The best password managers for protecting your data online
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs
- North Korea denies accusations of WannaCry attack involvement
- Secret Service warns of ‘jackpotting’ hackers targeting ATMs in the U.S.
- Intel warned Chinese tech firms of security flaws before telling U.S. government