Gawker’s database compromise brought with it over a million account details that were subsequently posted into a torrent for easy consumption.
As interested parties downloaded the lists of usernames and passwords, people who had registered on a Gawker website found themselves at the mercy of people who now had their login credentials.
(After we wrote this post, we found an even easier tool to check if your e-mail address was hacked. Read about it here.)
A simple tool called Gawker Check, created by Jed Smith, provides the easiest way to check if your email address is on the Gawker hacker list. Smith created the tool so you can check your details without providing additional information or giving other users a chance to steal data.
How To Check If Your Data Was Compromised
You will need to compute a SHA-256 hash (SHA-2, 256 bits, no salt) of your Gawker username or your e-mail address. The input must be lowercase.
If you do not have the ability to do this yourself or have no idea what this means, you can compute it here (don’t put any spaces or anything in the box, just your username or e-mail address).
Hash your username. Take the first two characters of the hash and click the link below that matches. Use your browser’s find utility (usually Ctrl+F or Command+F) and search for the entire hash. If it’s there, that username is in the leaked data. Repeat this entire process for your e-mail address, too.
For example: fred@example.com = 2f72cd84e238657abb6d180e44c685dc3ecdcdc80d025cdae0c6bf5abceed46c, so Fred would click 2F below and search there.
Remember: Your username is not your display name.
My hash starts with…
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F
30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F
40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F
60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F
70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F
80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F
90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F
A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF
B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF
C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF
D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF
E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF
F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF
If you find a match, you are listed in Gawker’s leaked data and your accounts are at risk. Change your passwords if you haven’t already.
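The check described above, scripted locally as an added Python example (not Gawker Check's own code): it lowercases and hashes the identifier, picks the two-character list, and searches it. It also shows why input with a trailing newline, as produced by a plain echo, hashes to something that matches nothing. The one-file-per-prefix layout, the file names and the sample identifiers are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

def gawker_hash(identifier: str) -> str:
    """Unsalted SHA-256 hex digest of the lowercased username or e-mail."""
    # strip() drops the trailing newline that plain `echo` or `<<<` appends;
    # hashing that extra byte yields a completely different digest.
    normalized = identifier.strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

def bucket_for(digest: str) -> str:
    """Label (00..FF) of the list that would contain this digest."""
    return digest[:2].upper()

def newline_pitfall(identifier: str) -> tuple:
    """(digest of the clean input, digest of the input plus a newline)."""
    raw = identifier.lower().encode("utf-8")
    return (hashlib.sha256(raw).hexdigest(),
            hashlib.sha256(raw + b"\n").hexdigest())

def write_bucket_files(identifiers, bucket_dir: str) -> None:
    """Build the hash-only lists. ASSUMPTION: one file per prefix, named
    '<PREFIX>.txt', one digest per line; the real site's layout is unknown."""
    for ident in identifiers:
        digest = gawker_hash(ident)
        path = os.path.join(bucket_dir, bucket_for(digest) + ".txt")
        with open(path, "a", encoding="ascii") as fh:
            fh.write(digest + "\n")

def is_listed(identifier: str, bucket_dir: str) -> bool:
    """True if the identifier's digest appears in its prefix file."""
    digest = gawker_hash(identifier)
    path = os.path.join(bucket_dir, bucket_for(digest) + ".txt")
    if not os.path.exists(path):
        return False
    with open(path, encoding="ascii") as fh:
        return any(line.strip().lower() == digest for line in fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample identifiers, not taken from any leak.
        write_bucket_files(["alice@example.com", "bob_example"], d)
        for who in ("Alice@Example.com\n", "carol@example.com"):
            print(who.strip(), bucket_for(gawker_hash(who)), is_listed(who, d))
```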
Why Was This Tool Created?
Gawker Check was built after its creator, Jed Smith, became concerned that his email address had been made publicly available by the attacks on Gawker. He immediately obtained the torrent to check if his e-mail was included and was surprised at the sheer size of the breach and the number of people who could be affected by it.
The site was automated entirely by hand: Smith parsed the database and wrote the text files containing hashes from an interactive Python session. It took about one hour to build.















Thank you Jed, Matt, and TNW!
I tried my username and email address but can’t find it. I did however find it in the leaked data. Not my password though, just my username and email. Kind of annoying, but it doesn’t bother me too much. They won’t be able to use it for anything anyway.
Found it now. It seems your linked online sha256 generator made a different hash than sha256sum on Ubuntu.
@Pål Nilsen If you’re piping it in from an echo you need to use -n or it puts in a new line. When I did that my hashes matched. They also (fortunately) do not appear to be in the list.
@Richard Holliday Good tip. I didn’t think about that. Odd that sha256sum would read newlines though. I used sha256 <<< email with the same result. echo -n or printf works. Thanks.
This is weird. I tried the Gawkerchecker and found nothing but I did find it with the one at xorbin. However, when I downloaded the text file off of piratebay, my un/passwords/email weren’t there. :/
I also don’t remember signing up for any of Gawker’s sites. I think I commented on one of their articles on Kotaku since it’s the only site I recognize… but I have no clue what password I used.
Despite this, I tried logging in Gawker with two of my most common “E-Z” passwords and even though my username was registered, neither one of them worked and when led to the profile page, it said my account was “still pending approval” but I could edit it and other things. What the hell? Am I a member or not?
@Michelle Fortune Not sure what the process is like now that one can “connect with facebook” and what not. Usually “pending approval” meant you were on probation, and had to make good constructive comments to get a permanent account. It most probably means you have an account there with some password, but it may have been disabled after the security breach.
Thanks for this! I logged in with Facebook Connect, and apparently they don’t store the passwords. However, I do get e-mails when someone responds to me. I used the tool and my e-mail hash isn’t in the file.
That’s a mighty handy tool for telling me that my email address and one or more of my many hundreds of passwords has been compromised.
Is there any tool I can use to narrow it down to which password?
Or do I just have to log in to every site I’m registered with and change my password for each and every one?