Worried your data has been compromised? Click here to check if you are part of the Gawker data breach.
“This event was off the charts”
Gary Vaynerchuk was so impressed with TNW Conference 2016 he paused mid-talk to applaud us.
Gawker Media is under siege at the moment, fighting off attacks from a group of attackers that have been able to compromise the entire database of Gawker Media’s web properties.
Sensitive information has been exposed, including staff conversations, their private passwords used within the network and passwords also used by people who have registered to comment.
All of the above information has been outputted by Gnosis, a group who wanted to seemingly put Gawker back in its place, creating a 500MB torrent file, currently residing on the popular torrent tracker ThePirateBay.
Inside the torrent file lies a file entitled Readme.txt. This file is potentially the most sensitive of them all, for it holds the usernames and passwords used by the entire Gawker staff, focusing particularly on Gawker’s founder Nick Denton.
The usernames and passwords to Denton’s Google Apps, Twitter, Campfire accounts are all listed; Denton uses the same password for them all:
Gawker Media uses Campfire as their backchannel to discuss site operations and potential stories. The attackers managed to unearth 4GB of data from the Campfire logs, unveiling seven FTP usernames and passwords setup by a number of different gaming companies:
Details are provided on how to access Gawker’s gaming website Kotaku, referencing the FTP server, username and password and the processes associated with how to access its server and data stored on it.
Back in November, Denton was told by a co-worker that he was spotted logged in to the Campfire backend, this was not him. Instead of safeguarding his credentials, Denton is convinced by other staff members that it was his own fault and doesn’t change his passwords, something he may later regret.
Then it gets even more interesting.
We speculated that the Gawker attacks could be associated with a previous feud between Gawker and 4Chan, where Ryan Tate and other Gawker staff called out 4Chan publicly on the site. This is confirmed when the attackers post up staff conversations relating to the feud, laughing off 4Chan’s so-called attacks and discussing ways they can antagonise 4Chan users even further.
It reads as follows:
The headeline of your post should be “Suck on This, 4Chan”
I like the call to make today Everybody Write About 4chan Day
Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)
We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012
don’t forget Fourth Floor
Right! And Brian’s headcut illustration
As the lead image
Oh, 4Chan does not want to mess with me once I wind my neck up at them
hey guess what, 4chan has already declared gawker the winner of the 4chan war! we won!
what’d they say?
MR. OBAMA, TEAR DOWN THAT MOSQUE!
they say that this day will go down in history as the day 4chan failed.
And here we are today, a retaliation, so it seems.
The rest of the file goes on to list numerous different MySQL databases, security credentials and examples of user accounts compromised in the process. Users that registered on Gizmodo, Lifehacker and Kotaku have found their accounts posted to the file.
Gnosis, the team behind the attacks, pause to show just how many users use “password” in their login details, over 2700 records share the same password at a rough count.
We have been told that there are still things to come and that Gnosis aren’t finished yet.
UPDATE: If you’re worried about whether your Gawker user password has been compromised or not, the company’s Lifehacker blog has published an FAQ on the issue. Essentially, if you logged in to comment on Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, or Fleshbot you need to change the password for both your Gawker account and anywhere else you use that password.
Gawker says it is working on an ‘Account Delete’ tool, which will be available soon. The only exception to all this is if you logged in via Facebook Connect, in which case you’ll be safe.
Update 2: Worried that Gawker wasn’t quick enough to warn its users of the data breach by email, members of the popular Hacker News website have combined to draft an email warning 200,000 Gawker users about the data breach. If you receive this email, it is one off email that is purely designed to warn you about the breach and get you to change your password.
If you used Facebook to connect, you should be fine.
However, if you connected your Twitter account to Gawker, it is possible that some accounts are tweeting messages containing “Acai Berry” tweets without their consent.
The attack, first reported as a ‘worm’ by Mashable, may actually, it appears, be related to this weekend’s hacking of Gawker Media’s database. @Delbius, leader of Twitter’s Trust and Safety team says: “Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PW. A current attack appears to be due to the Gawker compromise.”
If true (and you’d expect Twitter staff to be in a good position to judge such things) it’s likely to have affected anyone with the same password and email address for their Gawker and Twitter accounts. If you fit that bill, we recommend you change passwords on both accounts immediately.
Read next: The 10 Most Watched YouTube Videos of 2010