Gawker’s database compromise brought with it over a million account details that were subsequently posted into a torrent for easy consumption.
As interested parties downloaded the lists of usernames and passwords, people who had registered on a Gawker website found themselves at the mercy of people who now had their login credentials.
(After we wrote this post, we found an even easier tool to check if your e-mail address was hacked. Read about it here.)
A simple tool called Gawker Check, created by Jed Smith, provides the easiest way to check if your email address is on the Gawker hacker list. Smith created the tool so you can check your details without providing additional information or having other users steal data.
How To Check If Your Data Was Compromised
You will need to compute a SHA-256 (SHA-2, 256 bits, no salt) of your Gawker username or your e-mail address. They must be lowercase.
If you do not have the ability to do this yourself or have no idea what this means, you can compute it here (don’t put any spaces or anything in the box, just your username or e-mail address).
Hash your username. Take the first two letters of the hash and click the link below that matches. Use your browser’s find utility (usually Ctrl+F or Command+F) and search for the entire hash. If it’s there, that username is in the leaked data. Repeat this entire process for your e-mail address, too.
For example: [email protected] = 2f72cd84e238657abb6d180e44c685dc3ecdcdc80d025cdae0c6bf5abceed46c, so Fred would click 2F below and search there.
Remember: Your username is not your display name.
My hash starts with…
If you find a match, you are listed in Gawker’s leaked data and your accounts are at risk. Change your passwords if you haven’t already.
Why Was This Tool Created?
Gawker Check was built after its creator Jed Smith was concerned that his email was made publicly available from the attacks on Gawker. He immediately obtained the torrent to check if his e-mail was included and was surprised at the sheer size of the breach and the people that could be affected by it.
The site was automated entirely by hand, Smith parsed the database and wrote the text files containing hashes from an interactive Python session. It took about one hour to build.