After admitting that they were hacked yesterday, Gawker Media sites are now running an alert at the top of their sites about the breach of their 1+ million commenters' usernames and passwords with a link to how commenters can change their passwords, adding, "We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security—and of trust." The purported hackers, who also took over Gawker's content management system, said, "You would think a site that likes to mock people, such as Gawker, would have better security and actually have a clue what they are doing. But as we’ve proven, those who think they are beyond our reach aren’t as safe as they would like to think!"
Apparently, Gawker was initially aware of the hack on Saturday afternoon, and Gnosis, the group of hackers claiming responsibility for the attack, got in touch with Mediaite to explain why Gawker was targeted: "We went after Gawker because of their outright arrogance"—possibly towards the hacker community—"It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database."
Then the hackers left a post on Gawker, offering a link to where a torrent of Gawker's source code could be downloaded. Gnosis later wrote to Mediaite, "We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code and their database is publicly accessible." (Gnosis also wants to make it clear they are not related to 4chan.)
The Next Web has more details of the breach, including how it includes, "The usernames and passwords to Denton’s Google Apps, Twitter, Campfire accounts are all listed; Denton uses the same password for them all." Apparently, "Back in November, Denton was told by a co-worker that he was spotted logged in to the Campfire backend, this was not him. Instead of safeguarding his credentials, Denton is convinced by other staff members that it was his own fault and doesn’t change his passwords, something he may later regret."
The Observer also ran down the alleged breach:
- The user information—passwords, emails and user names—for 1.3 million Gawker Media site commenters. A remarkable number of the passwords were set aside in a text file all their own owing to their simplicity and ridiculous insecurity; apparently a lot of Gawker commenters have been fond of using "password" or worse, "QWERTY" to secure their accounts. Also found in the user data: numerous password and email combos in which the email addresses ended in .mil or .gov—a potential route to serious cyber sabotage at the government level if there ever was one.
- What appears to be the login information for several Gawker staff and editors present and past, including former staffers Alex Pareene and Choire Sicha.
- Login information for file transfer sites as well as the Gawker login data for paywall-locked articles in the Wall Street Journal, gleaned from Campfire chat logs.