Yesterday, the Gizmodo Twitter account read, "Gawker.com, Gizmodo.com, Lifehacker.com hacked, 1.5 million user names / e-mails / passwords taken," shortly after a Gawker post went up about Barack Obama calling WikiLeaks "deplorable." The Gizmodo tweeter also demanded support for WikiLeaks. Crazy! Except then, Scott Kidder, Gawker Media's director of editorial operations, said there's "no evidence to suggest any Gawker user accounts were compromised, and passwords [are] encrypted, not stored in plain text anyway," and the tweets were thought to be a prank and promptly deleted, though not before Runnin' Scared took a screenshot. Seemed like a false alarm, but, actually, the false alarm was a false alarm. Today, a Gawker post reads:
Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords. We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.
Gawker also told Mediaite:
Out of an abundance of caution, you should also change your company email password and any passwords that may have appeared in your email messages.
And just when Gawker started a user dating service!
After Gawker urged users to change their passwords, another post went up, under Adrian Chen's byline, asking people to please not download the Gawker source code, with a link to download the Gawker source code, noting that Gawker has "entered into the process of complete code review."
As one fearless Gawker commenter put it, even as his or her information might be stolen: "Pass the popcorn. This should be good."
Update: The post with the link to the Gawker source code has been taken down, and then reposted, and then taken down — indicating that Gawker's content management system has been hacked. It was reportedly posted by a group calling themselves Gnosis (who dubiously claim they are not 4chan or "Anonymous") and links to a torrent that includes all of Gawker Media's source code, along with a list of commenter names, e-mail addresses, and passwords, as well as the user names, e-mail addresses, and passwords of Gawker writers, editors, photographers, and business people, all downloadable at the Pirate Bay. The torrent also comes packaged with this message:
So, here we are again with a monster release of ownage and data droppage.
Previous attacks against the target were mocked, so we came along and raised the bar a little. Fuck you gawker, hows this for "script kids"? Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds! You wanted attention, well guess what, You've got it now!
The file reportedly also includes internal chats and e-mails, as well as the message: "We've not done yet, we have other targets in our sights, you will all soon realise that nothing is sacred on the internet. Shouts to all the crew at #gnosis! Hello to everyone at 4chan and #operationpayback."
Meanwhile, Gawker writer Adrian Chen is apparently locked out. He tweeted: "The worst part about this is I can't access the CMS to blog about it."
Commenting Accounts Compromised - Change Your Passwords [Gawker]
Gawker Hacked by Gnosis, Site in Chaos [Runnin' Scared/VV]