Today, the source code and databases of technology media giant Gawker, which runs sites including Gizmodo and Lifehacker, were leaked to a popular torrent website.
Gawker issued a statement advising anyone who has an account on its commenting network to change their password to prevent unauthorized access to the account. After Gawker officials posted confirmation of the breach, those who leaked the source code and database also placed an article on Gawker regarding the situation. The goal of the compromisers' post, which at first looked somewhat official, was actually to get the word out about where the compromised information could be downloaded.
The group, known only as Gnosis, listed exactly what was breached:
- Database dump (1.3+ million rows), including cracked passwords.
- Source dump
- Upcoming redesign
- List of gawker server kernel versions.
In addition to what was listed, several staff Twitter accounts that were linked with Gawker were also compromised. Gawker's response has been fast and active. Most of the staff has already changed their login information, and they urge commenters to do likewise.
Gnosis had this message to send to the media company:
So, here we are again with a monster release of ownage and data droppage. Previous attacks against the target were mocked, so we came along and raised the bar a little. **** you gawker, hows this for "script kids"? Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds! You wanted attention, well guess what, You've got it now!
To everyone who has a Gawker account, to avoid having your account hijacked, it is suggested that you change your passwords now by clicking your username at the top of the page on Gawker, then choosing the "Password" link towards the middle of the page. Gawker simply had this to say on the matter, "We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems."
Update: Voice News says that the attack came after a one-line link on a Gawker website to a statement from President Obama calling Wikileaks "deplorable." In addition, the official Gawker Twitter account was also compromised, as shown in screenshots from Voice News.
Update #2: If you wish to check whether your email is on the list of compromised accounts, one person uploaded all of the email addresses hashed in MD5 format. You can check that table for yours by doing the following: Go to http://pajhome.org.uk/crypt/md5/ and type in your email to get the MD5 hash, click "Show Options" on the table, then paste the MD5 hash into the field and click "Apply." This procedure will help you know if you own one of the hijacked accounts.
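The same lookup can be done offline, so the address never has to be typed into a third-party site. This is an added example, not part of the original article: the list format (one hex MD5 per line) and the spellings tried for each address are assumptions, and the sample list is constructed.

```python
import hashlib


def email_md5_candidates(email):
    """Return MD5 hex digests for plausible spellings of one address.

    Assumption: the page does not say how addresses were normalised before
    hashing, so the address is tried as typed, trimmed, and lower-cased.
    """
    variants = {email, email.strip(), email.strip().lower()}
    return {hashlib.md5(v.encode("utf-8")).hexdigest() for v in variants}


def load_hashes(lines):
    """Parse a hash list: one 32-character hex MD5 per line, any letter case.

    Blank lines and anything that is not a well-formed digest are skipped.
    """
    hashes = set()
    for line in lines:
        token = line.strip().lower()
        if len(token) == 32 and all(c in "0123456789abcdef" for c in token):
            hashes.add(token)
    return hashes


def is_listed(email, hashes):
    """True if any candidate digest for the address appears in the list."""
    return not email_md5_candidates(email).isdisjoint(hashes)


# Constructed sample list (not real breach data): mixed case, a blank line
# and a junk line, as a hand-assembled hash table often contains.
SAMPLE_LIST = [
    hashlib.md5(b"alice@example.com").hexdigest().upper(),
    "",
    "not-a-hash",
    hashlib.md5(b"bob@example.org").hexdigest(),
]

if __name__ == "__main__":
    known = load_hashes(SAMPLE_LIST)
    for addr in (" Alice@Example.com ", "carol@example.net"):
        status = "listed" if is_listed(addr, known) else "not listed"
        print(addr.strip(), "->", status)
```

A miss only means none of the spellings tried matched the list; it does not prove the address was absent from the breached database.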