Gawker Roadkill? How To Find Out and Recover

CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online.
Millions of Web users are waking up to news that broke over the weekend that systems belonging to Gawker Media were hacked and password data on millions of user accounts published on the Internet. How can you figure out if your e-mail and password were among more than a million that were stolen? Read on for instructions on figuring out if you’re one of the victims of the Gawker attack, and what to do about it.

As Threatpost reported, the passwords only pertain to accounts used to access and comment on stories across Gawker’s constellation of Websites, including Gawker.com, Valleywag.com, Lifehacker.com and Gizmodo.com. However, given the tendency of individuals to reuse passwords, this breach is going to have ripple effects. Already, enterprising spammers have seized on the list of cracked e-mail addresses and passwords to compromise Twitter accounts and spread spam messages promoting the health benefits of Acai Berries. Those kinds of attacks may well spread beyond Twitter, as hackers knock on the social networking, Web based e-mail and even corporate accounts of registered Gawker users, counting on the fact that the account owner may have reused their Gawker password on other accounts – and that’s a good bet, statistics show.

Fortunately, users can figure out if their information was among those exposed in the attack using a few simple steps. (Thanks to HD Moore of Metasploit for sending around these links.)

1) Determine whether your account details were revealed.

A torrent containing the leaked Gawker account logins was posted online at thepiratebay.com. But if you don’t feel like downloading Gawker’s stolen booty just to see if your user account has been compromised, the leaked accounts are also available online as a comma separated value (CSV) file of “hashes”: unique, 32 character hexadecimal values generated using the Message-Digest Algorithm 5 (MD5), a cryptographic hash function. The bad news, of course, is that you can’t just look at an MD5 hash and say “aha! that’s my password.” If you want to figure out if your login data is part of the trove of leaked account information from Gawker, you’ll first need to create an MD5 hash of your e-mail, and then search the list of leaked accounts for that value. To make the hash, point your Web browser to this Web site, where you can plug in your address and convert it to an MD5 hash.

2) Search the list of stolen accounts.

With an MD5 hash of the e-mail or e-mails you’ve used (or think you’ve used) on Gawker’s Websites in hand, navigate over to a list of the leaked addresses and do a search. This data has been made available online here. You can search the list by clicking on the Show Options link, choosing MD5 from the first drop down menu, an “=” from the second drop down menu, and then pasting the MD5 hash of your email into the final text box, then clicking the Apply button to search the list. If the MD5 matches one on the list, your account info was leaked. 
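Steps 1 and 2 can also be done entirely on your own machine, so you never have to paste your e-mail address into a third-party hashing site. The script below is an added example, not code from the original article: it computes the MD5 of an address locally and looks it up in a downloaded copy of the CSV. The column name `md5` and the sample rows are assumptions; the rows are constructed, not leaked data. It also covers the practical snag the article does not mention: the dump holds the hash of whatever string was stored, so a capital letter or a stray space changes the digest completely.

```python
import csv
import hashlib
import io

# Constructed stand-in for the leaked list: a few made-up addresses that a
# fictional site "stored", hashed with MD5 exactly as the article describes.
# Nothing here is real leaked data.
_CONSTRUCTED_REGISTERED = ["alice@example.com", "bob@example.net", "carol@example.com"]
SAMPLE_CSV = "md5\n" + "".join(
    hashlib.md5(addr.encode("utf-8")).hexdigest() + "\n" for addr in _CONSTRUCTED_REGISTERED
)


def candidate_hashes(email):
    """Map MD5 hex digests to the e-mail variant that produced them.

    The dump contains MD5(whatever string the site stored), so a trailing space
    or different capitalisation gives an entirely different digest. Trying the
    raw, stripped and lower-cased forms avoids a false "not found".
    """
    variants = {email, email.strip(), email.strip().lower()}
    return {hashlib.md5(v.encode("utf-8")).hexdigest(): v for v in variants}


def load_hashes(csv_text, column="md5"):
    """Read the hash column of a CSV dump into a set of lower-case hex digests."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row[column].strip().lower() for row in reader if row.get(column)}


def check_emails(emails, csv_text):
    """Return {queried e-mail: matching variant} for every address found in the dump."""
    leaked = load_hashes(csv_text)
    hits = {}
    for email in emails:
        for digest, variant in candidate_hashes(email).items():
            if digest in leaked:
                hits[email] = variant
                break
    return hits


if __name__ == "__main__":
    # Mixed case plus a trailing space: the raw digest misses, the normalised
    # form matches. The second address is not in the sample dump at all.
    print(check_emails(["Carol@Example.com ", "nobody@example.org"], SAMPLE_CSV))
```

To use it against the real file, read the downloaded CSV into `csv_text` and pass the column name the file actually uses.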

3) Change your Gawker password.

If you’ve been careful to not re-use passwords between different Web sites, then you should simply create a new password for your Gawker account and move on with your life. Gawker has instructions on changing your password posted online. If you’re just pissed off and want to delete your Gawker account altogether, they have instructions for doing that, too.

4) Change your other passwords.

If you’re one of the 99.99% of users who do reuse passwords, then the recovery from this breach is more difficult. If you remember what your Gawker password was, then you can easily figure out which of the Web properties and accounts you have that share that password. Another approach might be to simply consolidate all your various account passwords in a secure password manager. Online services like lastpass.com allow you to manage access to multiple accounts from your desktop, browser or mobile device and use strong passwords in the place of weak (but easy to remember) alternatives. There are others, as well, including the open source KeePass. Gawker’s Lifehacker site (**ahem!**) has a nice round-up of password managers here.

Discussion

  • Jim on

    Kaspersky should host an email address-to-MD5 hash generator.

  • Matt on

    Instructions for deleting account:

    5) How can I delete my account?
    We understand how important trust is on the web, and some of you may wish to delete your Gawker Media account. Currently account deletion is not available. We will, however, give you this option as soon as possible.

  • Idan Shoham on

    It seems that major breaches like this are becoming quite common. 
    What does that say about the security thinking among people operating 
    the compromised system, and about the security thinking among end users? 

    If you operate a major web site, a big security compromise like this can 
    kill your business.  Not investing enough time, money and infrastructure 
    in security means putting your organization at risk of major harm, because 
    of bad press, lost end users, lost advertisers, etc.  This is a big deal. 

    If you are a user whose password has been compromised, I guess it depends 
    on how many other systems you sign into with the same ID/password and 
    whether you care about compromise of any/every account that uses the 
    same credentials.  At a minimum, once you learn about a compromise like 
    this, you should change your "standard, used for systems I don't care 
    much about" password everywhere. 

    In either case, you can learn about effective password management 
    practices: for organizations (http://bit.ly/dPhpkx) and for end users (http://bit.ly/fewec9)
    - Idan Shoham, CTO, Hitachi ID Systems