Gawker Roadkill? How To Find Out and Recover

CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online.
Millions of Web users are waking up to news that broke over the weekend that systems belonging to Gawker Media were hacked and password data on millions of user accounts published on the Internet. How can you figure out if your e-mail and password were among more than a million that were stolen? Read on for instructions on figuring out if you’re one of the victims of the Gawker attack, and what to do about it.

CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online.

Millions of Web users are waking up to news that broke over the weekend that systems belonging to Gawker Media were hacked and password data on millions of user accounts published on the Internet. How can you figure out if your e-mail and password were among more than a million that were stolen? Read on for instructions on figuring out if you’re one of the victims of the Gawker attack, and what to do about it.

As Threatpost reported, the passwords only pertain to accounts used to access and comment on stories across Gawker’s constellation of Websites, including Gawker.com, Valleywag.com, Lifehacker.com and Gizmodo.com. However, given the tendency of individuals to reuse passwords, this breach is going to have ripple effects. Already, enterprising spammers have seized on the list of cracked e-mail addresses and passwords to compromise Twitter accounts and spread spam messages promoting the health benefits of Acai Berries. Those kind of attacks may well spread beyond Twitter, as hackers knock on the social networking, Web based e-mail and even corporate accounts of registered Gawker users, counting on the fact that the account owner may have reused their Gawker password on other accounts – and that’s a good bet, statistics show.

Fortunately, users can can you figure out if their information was among those exposed in the attack using a few simple steps. (Thanks to HD Moore of Metasploit for sending around these links.)

1) Determine whether your account details were revealed.

A torrent containing the leaked Gawker accounts logins was posted online at thepiratebay.com. But if you don’t feel like downloading Gawker’s stolen booty just to see if your user account has been compromised, the leaked accounts are also available online as a comma separated value (CSV) file of encrypted “hashes” or unique, 32 character hexadecimal values generated using the Message-Digest Algorithm 5 (MD5), a cryptographic hash function. The bad news, of course, is that you can’t just look at an MD5 hash and say “aha! that’s my password.” If you want to figure out if your login data is part of the trove of leaked account information from Gawker, you’ll first need to create an MD5 hash of your e-mail, and then search against the list of leaked accounts for that value. To make the hash, point your Web browser to this Web site, where you can plug in your address and convert it to an MD5 hash.

2) Search the list of stolen accounts.

With an MD5 hash of the e-mail or e-mails you’ve used (or think you’ve used) on Gawker’s Websites in hand, navigate over to a list of the leaked addresses and do a search. This data has been made available online here. You can search the list by clicking on the Show Options link, choosing MD5 from the first drop down menu, an “=” from the second drop down menu, and then pasting the MD5 hash of your email into the final text box, then clicking the Apply button to search the list. If the MD5 matches one on the list, your account info was leaked. 

3) Change your Gawker password.

If you’ve been careful to not re-use passwords between different Web sites, then you should simply create a new password for your Gawker account and move on with  your life. Gawker has instructions on changing your password posted online. If you’re just pissed off and want to delete your Gawker account altogether, they have instructions for doing that, too.

4) Change your other passwords.

If you’re one of the 99.99% of users who do reuse passwords, then the recovery from this breach is more difficult. If you remember what your Gawker password was, then you can easily figure out which of the Web properties and accounts you have that share that password. Another approach might be to simply consolidate all your various account passwords in a secure password manager. Online services like lastpass.com allow you to manage access to multiple accounts from your desktop, browser or mobile device and use strong passwords in the place of weak (but easy to remember) alternatives.  There are others, as well, including the open source KeePass. Gawker’s Lifehacker site (**ahem!**) has a nice round-up of password managers here

Suggested articles