Gawker’s Hacked Passwords Spell Trouble for Government Servers
December 13, 2010
(ChattahBox Technology News)—A group of hackers calling themselves “Gnosis” compromised Gawker Media’s servers over the weekend, grabbing account passwords for registered users and login information for editors. The sensitive data dump was made available for download on the Internet, leading to a “joke” post on Gawker using an author’s hacked account. Gawker apologized for the security breach, citing embarrassment, but the real headaches may be just beginning. Some of the commenters used their government and military emails. Because many people use the same password for multiple accounts, there’s a real danger hackers could mine the data to break into government servers and email accounts, gaining access to secret data.
“If the passwords published online by the Gnosis hacker group were also used by those people for their work e-mail accounts, the passwords could be used in future targeted attacks against government employees to plant malware or steal other information.
“PBS NewsHour has identified a subset of the 1.3 million accounts accessed in the Gawker hack that included an unknown number of accounts with the .gov domain, including ones from the Department of Defense, NASA, National Institute of Health and the U.S. Postal Inspection Service.”
The hacktivist group Anonymous, which has taken up the cause of WikiLeaks by waging DDoS attacks on anti-WikiLeaks companies such as PayPal, MasterCard, Visa and Amazon, is busy combing through the stolen Gawker data to cause havoc, according to boasts made on a message board:
“If the people in this dump have admin/mod rights there maybe [sic] other sensitive information worth disclosing to the Internet,” the chat room message quoted by PBS NewsHour said. “Scrape any and all information you can and dont [sic] be XXXXing stupid, these are government officials, use many layers of proxies and report back any lulz [laughter at someone else's expense] to (REDACTED).”
Registered users of Gawker Media sites should immediately change their passwords for their email, Twitter and other accounts. And don’t use the same password for all your accounts. That will get you into trouble.
The data breach affects the websites Gawker, Lifehacker, Gizmodo, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.