Gawker hacked, 1.5 million accounts compromised

As seems to be the norm lately, Gawker was hacked and taken down this weekend by a group with loose ties to 4chan, the Internet equivalent of a pirate island. All websites under the Gawker Media brand (Lifehacker, Gawker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, Fleshbot, Deadspin) were affected by the attack as well, and 1.5 million usernames and passwords were compromised. After taking over the Gawker site, the hackers, who call themselves “Gnosis,” published the passwords of site staff members along with a long list of users whose password was “password.” Having a good time, the hackers shared bits and pieces of Gawker’s custom CMS source code as well.

Below is a quote from one of the hackers, posted on Mediaite.

“We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database. We found an interesting quote in their Campfire logs:

Hamilton N.: Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)

Ryan T.: We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012

I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our group's mission? We don’t have one.

We will be releasing the full source code dump along with the database at 9PM GMT today. You are the only outlet we have told the release time.”

After initially denying the attack, Gawker has issued an apology to its users on all of its sites, urging them to change their passwords. Though the passwords were encrypted, simple passwords (such as “password”) may be cracked by the group, which has a complete copy of the entire account database.

“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust,” said Lifehacker. “We’re working around the clock to ensure our security (and our commenters’ account security) moving forward. We’re also committed to communicating openly and frequently with you to make sure you understand what has happened, how it may or may not affect you, and what we’re doing to make sure this never happens again.”

If you have ever commented on any of the Gawker sites, we recommend that you go and change your password. What do you think of this rise of Internet hacking groups? Is it better when hacking is done in the dark or when it’s out in the public like this and Operation Payback?
