A massive hack of systems belonging to online publishing giant Gawker Media has put gigabytes of sensitive information related to Gawker founder Nick Denton and the company’s operations online. But a trove of millions of hashed account passwords could be an even bigger problem for untold numbers of individuals, companies and government agencies.
The breach was disclosed over the weekend, and has already spawned a spam campaign on Twitter in which spammers hijacked accounts by taking advantage of Gawker users who had used the same password to secure their Twitter account. In a statement on its Web page, Gawker said an online hacking group dubbed “Gnosis” had taken responsibility for the attack, and apologized to users for the breach. Gawker encouraged account holders to change their account password, along with the password of any other account that shared it, and published a FAQ with information on the breach.
The breach of Gawker’s content management system directly affects the various Web properties that are part of the company’s online media empire, including popular sites like lifehacker.com, gawker.com and valleywag.com. But the ripple effects of the publication of so many account passwords could be felt for months to come. Web users, burdened by dozens of passwords to different sites, frequently reuse passwords between sites, allowing enterprising spammers and cyber criminals to compromise accounts at unaffiliated Websites and on corporate networks.
Twitter has already asked users who shared a password between Gawker and Twitter to change their Twitter account password, according to a Tweet issued from the account of Del Harvey (@delbius) of Twitter’s Trust and Safety Team.
In an interview with the Web site Mediaite, an individual claiming to represent Gnosis said that the group has cracked around a quarter of an estimated 1.3 million accounts. A partial analysis of the stolen password data turned up e-mail addresses from government and military Web sites and a dispiriting number of weak passwords. The individual, who was not named in the Mediaite report, said 2,650 users in the database used the password “password” or “querty” (sic), including users registered under .gov and .mil e-mail addresses.
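The two problems the report describes, weak passwords in the dump and passwords reused on unaffiliated sites, are exactly what a site operator or corporate security team needs to check for after a third-party breach. The following is an added example, not code from the article or from Gawker; the breach dump, the deny list and the local user store are all constructed here, and the site is assumed to store its own passwords as salted PBKDF2 hashes. It reports how many leaked passwords are trivially weak, lists .gov/.mil addresses to notify, and finds local accounts whose stored hash matches the password leaked for the same e-mail address so they can be force-reset.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample of a breach dump in "email:password" form (not real Gawker data).
BREACH_DUMP = """\
alice@example.com:password
bob@agency.gov:qwerty
carol@example.com:Tr0ub4dor&3
dave@unit.mil:password
erin@example.com:correcthorse
"""

# The passwords the report singles out; a real deny list would be far larger.
WEAK_PASSWORDS = {"password", "qwerty", "123456"}


def parse_dump(text):
    """Return a list of (email, password) pairs, skipping malformed lines."""
    pairs = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        email, _, password = line.partition(":")
        pairs.append((email.strip().lower(), password))
    return pairs


def weak_password_report(pairs):
    """Count weak passwords and flag government/military addresses in the dump."""
    weak = [(e, p) for e, p in pairs if p.lower() in WEAK_PASSWORDS]
    sensitive = [e for e, _ in pairs
                 if e.rsplit("@", 1)[-1].endswith((".gov", ".mil"))]
    return {
        "total": len(pairs),
        "weak": len(weak),
        "weak_by_password": Counter(p.lower() for _, p in weak),
        "gov_mil_addresses": sorted(sensitive),
    }


def hash_password(password, salt, iterations=100_000):
    """Salted PBKDF2-SHA256, the way a site should store passwords (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed local user store: email -> (salt, stored hash).
LOCAL_USERS = {
    "alice@example.com": (b"salt-a", hash_password("password", b"salt-a")),      # reused
    "carol@example.com": (b"salt-c", hash_password("different-pass", b"salt-c")),
    "erin@example.com": (b"salt-e", hash_password("correcthorse", b"salt-e")),   # reused
}


def find_reused_passwords(pairs, local_users):
    """Return local users whose stored hash matches the password leaked for the same e-mail.

    Only the leaked plaintext is hashed with the local salt; the local store is
    never unhashed, and comparison is constant-time.
    """
    leaked = dict(pairs)
    reused = []
    for email, (salt, stored) in local_users.items():
        if email in leaked and hmac.compare_digest(stored, hash_password(leaked[email], salt)):
            reused.append(email)
    return sorted(reused)


if __name__ == "__main__":
    pairs = parse_dump(BREACH_DUMP)
    print(weak_password_report(pairs))
    print("force reset:", find_reused_passwords(pairs, LOCAL_USERS))
```

The reuse check matches on e-mail address because that is the only link between the two data sets; it catches the case Twitter warned about (same address, same password on both sites) but not a user who registered under a different address, so a breach of this size still justifies a broad reset prompt.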
While the exact reason for the attack isn’t clear, the individual claiming to represent Gnosis said that Gawker was hacked because it was “arrogant” and in retribution for its critical coverage of the hacking and trolling group 4chan. Among the data released were exchanges from Gawker’s Campfire chat system that made fun of 4chan.
The entry point of the breach hasn’t been determined, but published statements attributed to Gnosis suggest that the site had numerous security holes that could have played a part in the compromise, including Web application and database vulnerabilities and out-of-date server software powering backend systems.
Threatpost will be covering the Gawker breach throughout the day and as the story progresses. Stay tuned!