1.3 million Gawker emails and passwords available in a torrent

Matthew DeCarlo


Gawker Media suffered a massive security breach on Sunday night after the email addresses and passwords for more than a million members leaked online. A hacker group dubbed "Gnosis" has claimed credit for publishing the information, which is now available as a 487MB torrent download.

"We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security -- and of trust. We're working around the clock to ensure our security (and our commenters' account security) moving forward," the blog network said in a FAQ post Sunday.

Users who log into Gawker sites via Twitter or Facebook don't have to worry about their data, and while all of the standard account passwords were originally encrypted, nearly 200,000 weak ones have already been decoded. The WSJ has analyzed the cracked passwords revealing a scary trend.


As we've seen in previous leaks, some of the most popular passwords can hardly be considered passwords at all. More than 3,000 of the decrypted passwords were simply "123456". Nearly 2,000 other accounts were 'protected' by "password", while more than a thousand used "12345678".

Hundreds of other users chose clever safeguards such as "qwerty", "0", "letmein", "passw0rd", and "trustno1" (a reference to the X-Files). If you're bored, The Wall Street Journal has published an anonymized list of the 188,279 cracked passwords on Google Fusion Tables.

All Gawker members should change their password immediately for safety's sake, and you can use Slate's widget to determine if your account has been compromised. Folks using passwords like "123456" outside of Gawker should exercise a little preemptive damage control and change those, too.


 
"Users who log into Gawker sites via Twitter or Facebook don't have to worry about their data, and while all of the standard account passwords were originally encrypted, nearly 200,000 weak ones have already been decoded. The WSJ has analyzed the cracked passwords revealing a scary trend."
 
I don't log into any of those sites, but it's still scary stuff. The 12345/123456 passwords remind me of Spaceballs... lol
 
First they expose my password to hackers, then when I go to delete my Gawker account (which I haven't used in ages), I get the following:

"We understand how important trust is on the web, and some of you may wish to delete your Gawker Media account. Currently account deletion is not available. We will, however, give you this option as soon as possible."

Which I translate to:

"We understand how important it is for us to keep our numbers up, and we're scared s---less that a significant portion of our readership is going to abandon us, so we're not going to allow them to do so."

Nice ethics, Gawker
 
They won't allow account deletion probably because who knows who might have access to your account (passwords were stolen, right?) and delete it.
 
Aye. I'm sure there are plenty of reasons why they wouldn't let you delete your account at the moment. Slow down on the assumptions and be patient.
 
The most likely reason they don't want people deleting their accounts is since the user data is floating out there, anyone who can decrypt passwords or has a list of decrypted passwords could go to the site and start mass deleting users as an act of vandalism.

Locking the delete function is likely to keep that from happening, though I suppose such a measure is a shoddy one at best, and those who have control over compromised users can vandalize these sites with spam/ad posts... it's basically a lose-lose unless they can come up with a way to figure out which user/computers are the legitimate owners of the account.

Also, this comic is quite relevant lol... http://xkcd.com/792/

edit: that's what I get for sitting in the post reply page for an hour... lol
 
I find this more than good, first to let the companies that manage our passwords and private data to keep security at bay and not take anything for granted, on the other hand a facepalm for dumb users who think their passwords are clever, the only thing that's left right now is iamgod or superuser or crap like that.

I once read a good way to make secure passwords and that way is to think of a phrase like... My birthday is January 10 and I was born on 1990, and get first letters and numbers, MbiJ10aIwbo1990 for example.
 
Just adding an uppercase letter, or a symbol or a mix of letter and numbers would make a huge difference, even to these simple passwords. It seems though like passwords may no longer be the best way to secure logins. Maybe we need to use certificate based logins or some other method.
 
Rofl, I can't help but laugh at people who choose passwords like 123456 or "password" common people. Get with the 20th century.
 
Damn and I was so sure my password was on the list. So what the hell was it? I hope they crack it soon lol.
 
We just need another "Hackers" movie to raise awareness. I don't see love, sex, secret or god on there.

But still - just wow. How can people really be that careless?
 
For those of you who got the message "Deletion of accounts is no longer available" that is for your protection not for Gawker's statistics, if the hacker decided to they could have gone in and deleted everyone's accounts.
 
How is a hacker deleting my account worse than a hacker using my account to spam the comment forums? If I keep my account and use a new password, why should I trust Gawker to protect the new password on my account better than they did the last one? I want out. Let me out.
 