gawker

Gawker Hacked, Private User Information Possibly Stolen [Updated]

Yesterday, the Gizmodo Twitter account read, “Gawker.com, Gizmodo.com, Lifehacker.com hacked, 1.5 million user names / e-mails / passwords taken,” shortly after a Gawker post went up about Barack Obama calling WikiLeaks “deplorable.” The Gizmodo tweeter also demanded support for WikiLeaks. Crazy! Except then, Scott Kidder, Gawker Media’s director of editorial operations, said there’s “no evidence to suggest any Gawker user accounts were compromised, and passwords [are] encrypted, not stored in plain text anyway,” and the tweets were thought to be a prank and promptly deleted, though not before Runnin’ Scared took a screenshot. Seemed like a false alarm, but, actually, the false alarm was a false alarm. Today, a Gawker post reads:

Gawker also told Mediaite:

And just when Gawker started a user dating service!

After Gawker urged users to change their passwords, another post went up, under Adrian Chen’s byline, asking people to please not download the Gawker source code, with a link to download the Gawker source code, noting that Gawker has “entered into the process of complete code review.”

We have discovered various copies of our source code available for download. We ask you to NOT download this, as this WILL infringe our copyright. On the one hand, please know that we at Gawker Media take your information VERY seriously, all user data is protected and looked after in accordance with our policy. However, we do not believe our data has been compromised, so please relax on that front. We follow the most stringent, industry standard, methods in order to ensure the integrity and safety of your data. We hope that despite the full disclosure of GANJA, we still hold our iron grip on our data. Due to the leak of the GANJA framework from within our company, we have entered into the process of complete code review to enhance and enforce our privacy policy.

As one fearless Gawker commenter put it, even as his or her information might be stolen: “Pass the popcorn. This should be good.”

Update: The post with the link to the Gawker source code has been taken down, and then reposted, and then taken down — indicating that Gawker’s content management system has been hacked. It was reportedly posted by a group calling themselves Gnosis (who dubiously claim they are not 4chan or “Anonymous”) and links to a torrent that includes all of Gawker Media’s source code, along with a list of commenter names, e-mail addresses, and passwords, as well as the user names, e-mail addresses, and passwords of Gawker writers, editors, photographers, and business people, all downloadable at the Pirate Bay. The torrent also comes packaged with this message:

The file reportedly also includes internal chats and e-mails, as well as the message: “We’ve not done yet, we have other targets in our sights, you will all soon realise that nothing is sacred on the internet. Shouts to all the crew at #gnosis! Hello to everyone at 4chan and #operationpayback.”

Meanwhile, Gawker writer Adrian Chen is apparently locked out. He tweeted: “The worst part about this is I can’t access the CMS to blog about it.”

Oh, boy.

Commenting Accounts Compromised - Change Your Passwords [Gawker]
Gawker Hacked by Gnosis, Site in Chaos [Runnin’ Scared/VV]

Gawker Hacked, Private User Information Possibly Stolen [Updated]