Gawker Hacked, Private User Information Possibly Stolen [Updated]

Gizmodo Tweets. Photo: Village Voice

Yesterday, the Gizmodo Twitter account read, "Gawker.com, Gizmodo.com, Lifehacker.com hacked, 1.5 million user names / e-mails / passwords taken," shortly after a Gawker post went up about Barack Obama calling WikiLeaks "deplorable." The Gizmodo tweeter also demanded support for WikiLeaks. Crazy! Except then, Scott Kidder, Gawker Media's director of editorial operations, said there's "no evidence to suggest any Gawker user accounts were compromised, and passwords [are] encrypted, not stored in plain text anyway," and the tweets were thought to be a prank and promptly deleted, though not before Runnin' Scared took a screenshot. Seemed like a false alarm, but, actually, the false alarm was a false alarm. Today, a Gawker post reads:


Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords. We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.

Gawker also told Mediaite:


Out of an abundance of caution, you should also change your company email password and any passwords that may have appeared in your email messages.

And just when Gawker started a user dating service!

After Gawker urged users to change their passwords, another post went up, under Adrian Chen's byline, asking people to please not download the Gawker source code, with a link to download the Gawker source code, noting that Gawker has "entered into the process of complete code review."


We have discovered various copies of our source code available for download. We ask you to NOT download this, as this WILL infringe our copyright. On the one hand, please know that we at Gawker Media take your information VERY seriously, all user data is protected and looked after in accordance with our policy. However, we do not believe our data has been compromised, so please relax on that front. We follow the most stringent, industry standard, methods in order to ensure the integrity and safety of your data. We hope that despite the full disclosure of GANJA, we still hold our iron grip on our data. Due to the leak of the GANJA framework from within our company, we have entered into the process of complete code review to enhance and enforce our privacy policy.

As one fearless Gawker commenter put it, even as his or her information might be stolen: "Pass the popcorn. This should be good."

Update: The post with the link to the Gawker source code has been taken down, and then reposted, and then taken down — indicating that Gawker's content management system has been hacked. It was reportedly posted by a group calling themselves Gnosis (who dubiously claim they are not 4chan or "Anonymous") and links to a torrent that includes all of Gawker Media's source code, along with a list of commenter names, e-mail addresses, and passwords, as well as the user names, e-mail addresses, and passwords of Gawker writers, editors, photographers, and business people, all downloadable at the Pirate Bay. The torrent also comes packaged with this message:


So, here we are again with a monster release of ownage and data droppage.
Previous attacks against the target were mocked, so we came along and raised the bar a little. Fuck you gawker, hows this for "script kids"? Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds! You wanted attention, well guess what, You've got it now!

The file reportedly also includes internal chats and e-mails, as well as the message: "We've not done yet, we have other targets in our sights, you will all soon realise that nothing is sacred on the internet. Shouts to all the crew at #gnosis! Hello to everyone at 4chan and #operationpayback."

Meanwhile, Gawker writer Adrian Chen is apparently locked out. He tweeted: "The worst part about this is I can't access the CMS to blog about it."

Oh, boy.

Commenting Accounts Compromised - Change Your Passwords [Gawker]
Gawker Hacked by Gnosis, Site in Chaos [Runnin' Scared/VV]