Consider Updating Passwords After Gawker Media Hack


Gawker Media, parent of such sites as Gawker.com, Fleshbot [NSFW], Deadspin, Lifehacker, Gizmodo, io9, Kotaku, Jalopnik, Jezebel, Gawker.tv, and Cityfile, was hacked over the weekend. As a result, its user files were compromised. Although the password file was encrypted, the encryption was particularly weak and vulnerable to a brute-force attack. The hackers decrypted about 188,000 of the 1,300,000 compromised passwords, those that were particularly vulnerable to “dictionary” look-up. See TechCrunch for details.

Any passwords used in commenting on Gawker Media sites should be considered compromised and, if used elsewhere, changed. Was your e-mail or account name compromised? You can check here.

The Wall Street Journal did a nice analysis on the top-50 passwords used. If you’re using anything like these for anything other than a throwaway account whose security is unimportant, consider learning more about how to pick a secure password. There’s a great post on the subject over at Gawker Media’s Lifehacker.

Also in the fallout, LinkedIn proactively disabled the account of any user whose e-mail was among those compromised, forcing a password reset.
