Gawker Media is dealing with a serious security breach after hackers managed to compromise several of its servers and leaked a database of 1.3 million usernames and passwords.
In a network-wide announcement, Gawker warns users who have an account on any of its ten highly-trafficked blogs, which include Gizmodo, LifeHacker, Jezebel and Kotaku, that their passwords were compromised.
"We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security—and of trust," the media company says.
"We're working around the clock to ensure our security (and our commenters' account security) moving forward," it adds.
A group called Gnosis took credit for the attack and it seems that its motive was Gawker's taunting of Anonymous and 4chan members, which at one point it called "script kiddies."
"Previous attacks against the target were mocked, so we came along and raised the bar a little," Gnosis said. "You wanted attention, well guess what, You've got it now!" it added.
Gnosis notes that the hacked database contained the login details of 1.5 million users, of which 1.3 million were copied and leaked online.
The problem is that the data contained not only usernames and passwords but also email addresses, making it a dream come true for spammers.
In addition, the algorithm used to encrypt the passwords is weak and can be cracked rather easily. In fact, hackers have already done this for a number of accounts including those of Gawker editors.
Previous incidents of this type have shown that a lot of people use the same password for all or most of their online accounts. It's therefore fair to assume that decrypting the Gawker passwords will give hackers access to many of the listed email accounts.
"You should immediately change the password on your account, and if you used that password on any other web site, you should change your passwords on all of those accounts as well," Gawker advises in a FAQ about the incident.
It also seems that the compromise was much more extensive than the user database and involved Gnosis obtaining access to other Gawker data as well, such as 4 GB of internal chat logs, FTP passwords and confidential emails.