Gawker Media suffered a massive security breach on Sunday night after the email addresses and passwords for more than a million members leaked online. A hacker group dubbed "Gnosis" has claimed credit for publishing the information, which is now available as a 487MB torrent download.
"We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security -- and of trust. We're working around the clock to ensure our security (and our commenters' account security) moving forward," the blog network said in a FAQ post.
Users who log into Gawker sites via Twitter or Facebook don't have to worry about their data, and while all of the standard account passwords were originally encrypted, nearly 200,000 weak ones have already been decoded. The WSJ has analyzed the cracked passwords, revealing a scary trend.
As we've seen in previous leaks, some of the most popular passwords can hardly be considered passwords at all. More than 3,000 of the decrypted passwords were simply "123456". Nearly 2,000 other accounts were 'protected' by "password", while more than a thousand used "12345678".
Hundreds of other users chose clever safeguards such as "qwerty", "0", "letmein", "passw0rd", and "trustno1" (a reference to the X-Files). If you're bored, The Wall Street Journal has published an anonymized list of the 188,279 cracked passwords on Google Fusion Tables.
All Gawker members should change their password immediately for safety's sake, and you can use Slate's widget to determine if your account has been compromised. Folks using passwords like "123456" outside of Gawker should exercise a little preemptive damage control and change those, too.