Gawker Media, parent of such sites as Gawker.com, Fleshbot [NSFW], Deadspin, Lifehacker, Gizmodo, io9, Kotaku, Jalopnik, Jezebel, Gawker.tv, and Cityfile, was hacked over the weekend. As a result, their user files were compromised. Although the password file was encrypted, the encryption was particularly weak and vulnerable to a brute-force attack. The hackers cracked about 188,000 of the 1,300,000 compromised passwords, those that were particularly vulnerable to “dictionary” look-up. See TechCrunch for details.
Any password used to comment on a Gawker Media site should be considered compromised and changed, along with any other account where the same password was reused. Was your e-mail or account name compromised? You can check here.
The Wall Street Journal did a nice analysis of the top 50 passwords used. If you’re using anything like these for anything other than a throwaway account whose security is unimportant, consider learning more about how to pick a secure password. There’s a great post on the subject over at Gawker Media’s Lifehacker.
Also in the fallout, LinkedIn proactively disabled any user’s account whose e-mail was among those compromised, forcing a password reset.