Gawker’s database compromise brought with it over a million account details that were subsequently posted into a torrent for easy consumption.
As interested parties downloaded the lists of usernames and passwords, people who had registered on a Gawker website found themselves at the mercy of people who now had their login credentials.
(After we wrote this post, we found an even easier tool to check if your e-mail address was hacked. Read about it here.)
A simple tool called Gawker Check, created by Jed Smith, provides the easiest way to check if your email address is on the Gawker hacker list. Smith created the tool so you can check your details without providing additional information or having other users steal data.
How To Check If Your Data Was Compromised
You will need to compute a SHA-256 (SHA-2, 256 bits, no salt) of your Gawker username or your e-mail address. They must be lowercase.
If you do not have the ability to do this yourself or have no idea what this means, you can compute it here (don’t put any spaces or anything in the box, just your username or e-mail address).
Hash your username. Take the first two letters of the hash and click the link below that matches. Use your browser’s find utility (usually Ctrl+F or Command+F) and search for the entire hash. If it’s there, that username is in the leaked data. Repeat this entire process for your e-mail address, too.
For example: firstname.lastname@example.org = 2f72cd84e238657abb6d180e44c685dc3ecdcdc80d025cdae0c6bf5abceed46c, so Fred would click 2F below and search there.
Remember: Your username is not your display name.
My hash starts with…
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 2021 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 4142 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 6263 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 8384 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F A0 A1 A2 A3 A4A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF
If you find a match, you are listed in Gawker’s leaked data and your accounts are at risk. Change your passwords if you haven’t already.
Why Was This Tool Created?
Gawker Check was built after its creator Jed Smith was concerned that his email was made publicly available from the attacks on Gawker. He immediately obtained the torrent to check if his e-mail was included and was surprised at the sheer size of the breach and the people that could be affected by it.
The site was automated entirely by hand, Smith parsed the database and wrote the text files containing hashes from an interactive Python session. It took about one hour to build.