Hackers have gotten a hold of the database containing usernames and passwords of roughly 1.4 million users who have posted a comment to the Gawker website or any of its popular affiliates. If you've ever made a comment on any of the Gawker sites then your information has likely been compromised as a result of this breach. Also, due to clowns using the same password on multiple sites there are reports of a number of twitter accounts and other social media sites having those accounts compromised as well.

1. Gawker Hacked - Database Exposed
Hackers have gotten a hold of the database containing usernames and passwords of roughly 1.4 million users
who have posted a comment to the Gawker website or any of its popular affiliates, including lifehacker.com,
gizmodo.com, jalopnik.com, jezebel.com, kotaku.com, deadspin.com and others.
They are not keeping this database to themselves either. They‟ve uploaded the entire thing to the public torrent
tracker thepiratebay.org, including their rough analysis of the database, plaintext credentials for a number of
Gawker employees, 200,000 decrypted passwords they‟ve cracked, as well as the entire 1.4 million encrypted
usernames, email addresses, and encrypted passwords.
Technical details on the hack are fairly slim at the moment, but the hacking group Gnosis has claimed
responsibility for it. This little tidbit was included in the upload of the database to thepiratebay.org:
“F@#$ you gawker, hows this for “script kids”?
Your empire has been compromised, Your servers, Your database‟s, Online accounts and source code have all
be ripped to shreds!
You wanted attention, well guess what, You‟ve got it now!”
It appears that Gnosis was able to guess the password of Gawker founder Nick Denton for his account on the
Campfire team-collaboration portal that Gawker uses for internal communications and real-time chat amongst
staff. Once Gnosis had access to this they were able to obtain a wealth of information from the reported 4
gigabytes of chat logs.
It seems that the password for the MySQL database was also disclosed somewhere in these logs. With the SQL
credentials in hand, it was a trivial matter for Gnosis to dump large amounts of information, including
usernames, email addresses, and encrypted passwords. Unfortunately the encryption used to protect the
passwords was the ancient and deprecated Data Encryption Standard (DES) which uses a measly 56 bit
encryption key.
WEB PHONE EMAIL
WWW.REDSPIN.COM 800-721-9177 INFO@REDSPIN.COM

2. Due to this poor encryption scheme, any password over 8 characters is truncated to 8 before being stored in the
database. Users with a password greater than 8 characters will not have the entire thing compromised, but
access to their account will still be possible with the first 8 characters if cracked. Gnosis has cracked roughly
200,000 of the 1.4 million passwords contained in the database they dumped. All of the hashes are available for
cracking by anyone who‟s interested and has some spare CPU power.
A rough analysis of the passwords cracked is pretty horrifying. Some gems:
2000 passwords were „password‟
150,000 passwords consisting of all lowercase letters
3000 passwords were „123456‟
Nick Denton had a password consisting of all numbers
If you‟ve ever made a comment on any of the Gawker sites then your information has likely been compromised
as a result of this breach. Also, due to clowns using the same password on multiple sites there are reports of a
number of twitter accounts and other social media sites having those accounts compromised as well.
Don‟t use the same password for everything. This can‟t be stressed enough. Use a different password, or a
variation of the same password.
Slate has rigged up a little widget on their site that claims to check email addresses against the compromised
database to see if you‟re a victim.
Find it here http://www.slate.com/id/2277768/
Written by Redspin Engineer, Mark Marshall, aka fulg0re
WEB PHONE EMAIL
WWW.REDSPIN.COM 800-721-9177 INFO@REDSPIN.COM