Gawker Sites Hacked, 1.3 Mil Passwords Compromised

Via Angie, a Forbes blog has a great explanation of the whole debacle.

It’s a summary of the text file and Gawker’s response; it doesn’t actually explain how they got in. I guess that info just hasn’t been released anywhere.

After this debacle I’m pretty much done with Gawker and all of its sites. I used to think it was just the general commenting populace on those sites that were caustic douchenozzles. Now I see that the editors are the worst of the bunch.

Luckily I just had a throwaway password for commenting, but that doesn’t change the fact that they were arrogant little shits through and through (which is why I’m done with them). “Hubris” was the watchword here, and I’m glad theirs finally bit them in the ass. I just wish it didn’t bite 1.3 million people, too.

Anyway, that said. What are some good io9 and Lifehacker alternatives? Those are the only sites I ever visited with any regularity.

Collider might be a good alt to io9.

IO9 is hilarious. I look forward to seeing if the poor bastard forced to write about each episode of No Ordinary Family hangs himself each week.

Apparently Slate has a little widget to check if your account was compromised.

So according to Slate’s widget, it’s time to change a password… but I can’t remember what password I used for Gawker’s sites in the first place…

-sigh- time for a 500 meg download

Why not just get one of the Gawker sites to e-mail you your password? Seems easier than picking through the torrent file.

I like SpoofyChop’s link better, but here’s a Google Docs version of the list. Note that you can use the “Show Options” thingy at the top of the list to filter out everything but the MD5 you put there.

I like io9 too. Check their Transformers review:

So, to sum up: Transformers: Revenge Of The Fallen is one of the greatest achievements in the history of cinema, if not the greatest. You could easily argue that cinema, as an artform, has all been leading up to this. It will destabilize your limbic system, probably forever, and make you doubt the solidity of your surroundings. Generations of auteurs have struggled, in vain, to create a cinematic experience as overwhelming, and as liberating, as ROTF.

Women as well as men, everyone watching this film will feel the dissolution of all their certainties, all their illusory grasp on the world… but after you fall into a brazen despair that the walls of reality have become toxic ice cream of a million flavors, you will gasp with a greater realization: that once the world is reduced, forever, to a kaleidoscope of whirling shapes, you are totally free. Nothing matters, effect precedes cause, fish spawn in mid-air, and you can do whatever you want. Let yourself go in your adult diaper, Michael Bay invites you. Feel the music of total excess stir inside your deepest core. It is your Allspark, your cube. And you are a Transformer.

Looks like I got released too.

Meh, I don’t think that I used that password for important sites. My important passwords are all different ones. I only use my “garbage” passwords for sites like Kotaku.

I also got an e-mail from Blizzard saying that they have added a password reset request to all of their accounts, and they urge people to change their passwords.

I can’t tell if this is a scam or not.

Either way, my WoW password is a wholly unique one, so I am just going to ignore this.

-Jon

Me too, because really, how much do I trust the admins of every random phpBB install I’ve ever registered for? Still, I’d rather not have mkozlows logins all over the internet begin posting spam on various fora, so I went through everything I could find and changed the password. Kind of a pain.

So, I’ve never signed up for an account on any of these sites. Ever. However, I own the domain “probablynot.com” which is apparently one people like to use as fake email addresses when signing up for sites…

Thanks to the emails and the password reset page, I now have 27 accounts for these websites.

Well, somebody’s taking advantage of the breach. This morning I found an email in my inbox from a friend who was suddenly touting the benefits of acai berry for weight loss and hidden linking to Russian web sites… His email account had been compromised to get his contact list, and after a bit of digging we finally made the Gawker connection; he admitted that he’d used the same password for his Kotaku account.

The acai berry people should just be rounded up.

Oh, I don’t care about the Gawker account being compromised. My concern was with 8 of 10 characters known, it might be easy to guess my account on other sites w/ the same e-mail and/or username.

Luckily, though, Gawker got my junk password scheme, so it’s not really affecting anything I care about too much.

LinkedIn was smart about all this. They checked every single e-mail address that was released against their own database and forced every one of those people to reset their password.

That might be smart, and Blizzard is trying to do the same thing, but I have a unique password for that account and I will not be pushed into changing it because most other people are morons.

This has annoyed me tremendously.

I was notified by both LinkedIn and Blizzard that I should change my password, and the Slate widget agrees that my e-mail address is in the list.

Now, I don’t register for forums with any important password, but I do tend to use a “garbage” password for that type of site, with a very easy-to-figure-out algorithm to personalize them slightly. I’ve been going through my 1Password database and then hitting the sites which I previously used those garbage passwords on, replacing them with 1Password-generated passwords of 10+ chars with at least 1 symbol and 2 digits. It’s taking hours, and I’m not even halfway through the list.

sigh Hoist with my own petard.