Gawker yesterday confirmed an earlier report by Mediaite that a database containing the account details (usernames, passwords and email addresses) of 1.3 million accounts has been compromised. Gawker’s content management system (CMS) has also been breached. Speaking to Mediaite, the group responsible for the hack said its reason for doing so was Gawker’s arrogance towards the anarchistic online community 4chan, despite the fact that the group is not affiliated with the site.
We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database… I mean if you say things like that, and attack sites like 4chan (Which we are not affiliated to) you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia “empire” needs to be brought down a peg or two. Our groups (sic) mission? We don’t have one.
The data was dumped into a torrent that was made available on The Pirate Bay – Mediaite has a screencap of the page in their piece about Gawker’s CMS – though a search for “gawker” or “gawkmedia” turned up nothing at the site.
I loathe Gawker and everything they stand for, and take a small measure of schadenfreude at this happening to a site that so openly celebrates similar happenings to other media organizations and has such a loose interpretation of journalistic ethics that they bought a stolen iPhone 4, causing the editor in question to be raided by the FBI, but that’s not the key here. The key is that 1.3 million accounts have been compromised, encompassing the entire Gawker network, including those of video games blog Kotaku. I’m quite sure some of our users also have accounts over there, so let me state this clearly: change your passwords. If you have passwords that you share at other websites, change those as well. If you’re unsure if you do or not, take better care of your passwords (there’s a program called KeePass that does a good job of maintaining passwords). It’s one thing to have an email address and a password given out, but if the passwords for your email AND the Gawker site are the same… well, I don’t need to extrapolate beyond that.
There is a report going around on Mashable about what was reported to be a worm about acai berry diets, but is instead being discussed by Twitter as being related to the Gawker incident. Though that’s unconfirmed, I should have confirmation once I talk to our own Jonathan Widro, whose Twitter account broadcast one of those messages earlier this morning (it’s since been deleted; I still see it because TweetDeck keeps a cache).