Gawker data exposed in major hack attack

gawker_hack.top.jpg By Laurie Segall, CNNMoney staff reporter


NEW YORK (CNNMoney.com) -- Popular news and gossip blog network Gawker fell victim this weekend to hackers: Over 1 million usernames and passwords were exposed by a group of hackers who posted a 500 MB file of the private data on a file-sharing site.

The breach exposed users' passwords and e-mails, as well as Gawker's source code and conversations between staff members.

nick_denton.03.jpg
Gawker founder Nick Denton and CTO Tom Plunkett

Speculation that the site's security had been breached began after a series of suspicious tweets on Saturday from affiliated site Gizmodo, according to Mediaite.

Gawker's management acknowledged the breach late Sunday, posting on Lifehacker.com: "This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot."

The site advised its registered commenters to "assume that your username and password were included among the leaked data," and to change their passwords. As Jessica Coen, editor-in-chief of Gawker sister site Jezebel, phrased it on Twitter: "If you've registered to comment on Jezebel, pls change your password before your computer bursts into flames."

To combat future attacks, the site plans to hire an independent security firm to improve the security. Gawker founder, Nick Denton, was unavailable for further comment.

"We're busy communicating with our commenters right now," he told CNNMoney. "That has to take priority."

A group called "Gnosis" contacted various media outlets claiming credit for the attack. In the letter posted on Mediaite, a user who claimed to represent Gnosis wrote: "We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database."

Gawker has previously spoken out against groups like 4chan, a site whose members often band together to take down websites using denial-of-service attacks.

According to Gnosis' letter, the group found the site's security easy to breach. "Their site is filled with numerous exploitable code and their database is publicly accessible," they wrote.

While Gawker is up and running again, the breach has had clear repercussions. Twitter users who had the same password for that site as for their Gawker accounts are reporting intrusions, with a barrage of messages advertising Acai Berry diet links polluting their tweet feeds.

Del Harvey, Twitter's director of trust and safety, advised users to change their Twitter passwords.

"Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PR. A current attack appears to be due to the Gawker compromise," Harvey tweeted.

Privacy researcher and consultant Ashkan Soltani said the past week's spate of Internet attacks and breaches are highly visible examples of how security weaknesses can be exploited.

"Security is very much like 'The Club' on your automobile ... if someone is motivated, persistent, and resourceful, they can ultimately find a way to steal your car," he said. "Through a combination of skill, knowledge sharing, and trial and error, they find a hole that they exploit. This is not surprising or new, it's just currently now much more in the public eye."

Denton later addressed logistical concerns and fielded questions from unhappy users on the comments section of the Gawker site.

One user suggested Denton's dismissive attitude about commenters could have enabled the attack. "You really need to think deeply about how you missed spotting this iceberg," he wrote.

Denton responded, "If anything, I'd blame our relentless quest for growth. We're always trying to bring out the new thing...and we don't spend enough time or energy consolidating what we have."  To top of page

Frontline troops push for solar energy
The U.S. Marines are testing renewable energy technologies like solar to reduce costs and casualties associated with fossil fuels. Play
25 Best Places to find rich singles
Looking for Mr. or Ms. Moneybags? Hunt down the perfect mate in these wealthy cities, which are brimming with unattached professionals. More
Fun festivals: Twins to mustard to pirates!
You'll see double in Twinsburg, Ohio, and Ketchup lovers should beware in Middleton, WI. Here's some of the best and strangest town festivals. Play
Index Last Change % Change
Dow 17,804.80 26.65 0.15%
Nasdaq 4,765.38 16.98 0.36%
S&P 500 2,070.65 9.42 0.46%
Treasuries 2.18 -0.03 -1.27%
Data as of 3:08pm ET
Company Price Change % Change
Bank of America Corp... 17.62 0.09 0.51%
Apple Inc 111.78 -0.87 -0.77%
General Electric Co 25.62 0.48 1.91%
Intel Corp 36.37 -0.65 -1.76%
Microsoft Corp 47.66 0.14 0.29%
Data as of Dec 19

Sections

New York Magazine reporter Jessica Pressler, who has been caught up in controversy this past week, will not be moving on to a new job at Bloomberg News. More

Investors beware: These 5 global crises are likely to rattle the stock market and world economy. More

Forums in dark corners of the web sell the kinds of hacks that befell Sony. More

Unilever sued Hampton Creek over its egg-free mayonnaise spread Just Mayo. But the company behind Best Foods and Hellman's mayonnaise has now dropped the lawsuit. More

The income of the top 1% jumped significantly in 2012, far outpacing inflation. Not only did this group make a larger share of the country's income, their share of total taxes also jumped from 35% to 38%. More

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.