The blogosphere is alight with news of media giant Gawker being hit by hackers. Mediaite suggests that the comment database has been hacked, and Gawker themselves suggest users change their passwords to avoid further security compromises.
In all there are around 1.5 million users in the database, which includes information such as email addresses, usernames and passwords of Gawker users. Initially Gawker played down the hack and denied that the database had been touched – they obviously knew a hack had occurred and I would imagine were scrambling to fix the problem.
An official tweet from Gawker’s editorial director, Scott Kidder, said: “No evidence to suggest any Gawker Media’s user accounts were compromised and passwords encrypted anyway.”
Later on, Kidder made an about-turn and said: “Our user databases do indeed appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change the password on Gawker (GED/commenting system) and on any other sites on which you’ve used the same passwords. Out of an abundance of caution, you should also change your company email password and any passwords that might have appeared in your email messages.”
An anonymous source explained that the attack stemmed from Gawker’s arrogance. “We went after Gawker because of their outright arrogance,” the source said in a statement on Mediaite. “It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database.”
It seems the ‘source’ of the insider info had actually discovered an internal memo explaining that they (Gawker) were ‘not afraid’ of the hackers.
Kidder said, “We’re deeply embarrassed by this breach.” He continued, “We should not be in the position of relying on the goodwill of hackers who identified the weakness in our systems. And yes, the irony is not lost on us.”
So if you have ever commented on any Gawker Media site, go on over and change your password. Gawker even have a post linked from their homepage on how to choose a strong password.