Wednesday, January 12, 2011

User names and passwords of 1.3 million stolen in weekend Gawker Media hack

Hackers broke into servers belonging to Gawker Media over the weekend, causing mischief and making off with more than 1.3 million user names and passwords. The accounts belong to users who have commented on websites run by the company, from the flagship Gawker to highly trafficked sites such as Gizmodo and Lifehacker.

In a virtual slap across the face, the hackers, who used the name "Gnosis," published an article on Gawker that linked to the site's source code as well as to the 487MB file containing details of the compromised accounts. The passwords in the file are hashed (reported as MD5) rather than stored in the clear, but a hash is not encryption: anyone holding the file can test guesses against it offline, and "simple ones may be vulnerable to a brute-force attack," noted Gawker Media in a statement that also urged users to change their passwords.
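Why unsalted, fast hashes make "simple" passwords cheap to recover is easiest to see in code. The following is an added example, not code from Gawker or from the original article: it runs a dictionary attack over a handful of constructed records (not entries from the dump) stored the way the coverage describes, unsalted MD5, and then over the same attack against a salted, iterated PBKDF2 store for contrast. The usernames, passwords and wordlist are all assumptions invented for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample "leaked" records for illustration only; these are NOT
# entries from the Gawker dump. Each record is (username, hex MD5 of the
# password), i.e. the unsalted, fast-hash layout the coverage describes.
LEAKED = [
    ("alice", hashlib.md5(b"123456").hexdigest()),
    ("bob", hashlib.md5(b"password").hexdigest()),
    ("carol", hashlib.md5(b"lifehack").hexdigest()),
    ("dave", hashlib.md5(b"c0rr3ct-h0rse-b4ttery").hexdigest()),
]

# Constructed stand-in for a real cracking dictionary.
WORDLIST = ["123456", "password", "qwerty", "lifehack", "gawker", "letmein"]


def crack_unsalted_md5(records, wordlist):
    """Dictionary attack on unsalted MD5.

    With no salt, every account was hashed with the identical function, so
    one MD5 per candidate word is checked against *all* accounts through a
    digest -> users index. Returns ({username: password}, hashes_computed).
    """
    by_digest = {}
    for user, digest in records:
        by_digest.setdefault(digest, []).append(user)
    recovered = {}
    hashes_computed = 0
    for word in wordlist:
        digest = hashlib.md5(word.encode()).hexdigest()
        hashes_computed += 1
        for user in by_digest.get(digest, ()):
            recovered[user] = word
    return recovered, hashes_computed


def store_pbkdf2(password, iterations=100_000):
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_pbkdf2(record, password):
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison so the check itself leaks nothing.
    return hmac.compare_digest(candidate, record["hash"])


def crack_salted_pbkdf2(records, wordlist):
    """Same dictionary attack against salted PBKDF2 records.

    The salt means every guess must be re-derived for every account, and the
    iteration count makes each derivation expensive, so the cost is
    (accounts x words) slow derivations instead of (words) fast hashes.
    Returns ({username: password}, derivations_computed).
    """
    recovered = {}
    derivations = 0
    for user, record in records:
        for word in wordlist:
            derivations += 1
            if verify_pbkdf2(record, word):
                recovered[user] = word
                break
    return recovered, derivations


if __name__ == "__main__":
    found, n = crack_unsalted_md5(LEAKED, WORDLIST)
    print(f"unsalted MD5: recovered {found} with {n} hash computations")
    # Low iteration count so the demo finishes instantly; use far more in production.
    salted = [(u, store_pbkdf2(p, iterations=1000))
              for u, p in [("alice", "123456"), ("dave", "c0rr3ct-h0rse-b4ttery")]]
    found, n = crack_salted_pbkdf2(salted, WORDLIST)
    print(f"salted PBKDF2: recovered {found} with {n} derivations")
```

The point the counters make: against the unsalted store, six MD5 computations test six guesses against every one of the accounts at once, which is why a dump of 1.3 million unsalted hashes can be largely cracked from a single pass over a wordlist. Against the salted store the same six guesses have to be derived separately for each account, and each derivation is tuned to be slow, so the attacker's work grows with the number of accounts instead of being amortized across them.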

Elsewhere, various media outlets and bloggers are digging into the most popular passwords in the dump. On this front, The Wall Street Journal has a detailed article on the top 50 Gawker Media passwords. As expected, the need to use a different password for every site is also being reiterated across the web, since a password recovered from this dump can be tried against the same user's accounts elsewhere, with password managers recommended for keeping track of them.

Beyond the obvious embarrassment and security implications of the stolen account details, however, the biggest repercussion for Gawker is a long-term one. In a purported interview with members of Gnosis, one of the hackers bragged that a site with a code base as large as Gawker's is stuck running what is in effect public code until a rewritten private version can be released, something that will take a long time. In the meantime, the hacker noted that "anyone can view how it works, meaning exploits can be found for the code."

For more on this story:
- check out this article at New York Times
- check out this article at Computerworld
- check out this article at The Wall Street Journal
- check out this article at Geekosystem
