We have just learned that the Gawker Media network has been hacked, with over 200,000 email addresses and passwords of registered users now circulating on peer-to-peer networks.
Gawker is the owner of several popular tech and culture sites that have been affected by the attack, including Gizmodo, Gawker, Lifehacker, Kotaku, Jezebel, Fleshbot, Deadspin, Jalopnik, and io9. In order to leave comments on these sites, users are required to provide their email address and create a password. These are the users that have been compromised in the attack.
If you signed up to any of the Gawker sites using your Twitter account or Facebook Connect, you don’t have to worry, as the company promises they do not store these passwords. For other users, the following statement has been issued on the Gawker website:
“We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust. We’re working around the clock to ensure our security (and our commenters’ account security) moving forward.”
The 487 MB file is now floating around torrent sharing sites and is currently indexed on The Pirate Bay. The file contains the aforementioned user data, as well as Gawker’s server kernel versions and a file named “gawker_redesign_beta.jpg”. The files show the Gawker redesign that is yet to be implemented.
A group known only as “Gnosis” is taking credit for the security breach, stating, “Previous attacks against the target were mocked, so we came along and raised the bar a little.”
Gawker has posted a FAQ regarding the attack.