Gawker Media Compromised

The Internet provided two security lessons this week…
1 — use hard passwords,
2 — use different passwords on all websites.

E-mail addresses and passwords for 1.4M registered Gawker Media users (revised from an earlier figure of 200,000) have been stolen and are circulating on peer-to-peer networks after a weekend compromise. Gawker Media has warned users to change their passwords both at Gawker Media and at any other sites where they used the same passwords.

Users of popular websites including Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot were compromised. These sites required users to register, providing their e-mail address and a password, in order to leave comments. The e-mails and passwords were released by “Gnosis” in a 487MB file. Additionally, “gawker_redesign_beta.jpg” and Gawker’s server kernel versions were included in the torrent.

The passwords were encrypted, although it’s expected that password crackers are being worked overtime and that the easy passwords have probably already been cracked.

In a proactive move, LinkedIn has reset passwords for users who have Gawker Media accounts, requiring a change. Two thumbs up for LinkedIn from the Geeks… not so much for Gawker Media.

Because the Geeks recommend using hard passwords and a different password for every website, you may ask how to keep track of all those passwords, since the yellow sticky on the side of your monitor only has room for so many. Instead of using the sticky, the Geeks recommend a password tool like 1Password (available on Mac/Windows/iOS) combined with Dropbox, so that you can maintain all your passwords wherever you have access to Dropbox and an installed copy of 1Password.