Gawker Hacked: Lessons Learned

This week Gawker Media, owner of several very popular websites, had their user database compromised.According to PC Magazine, this event, which led to a massive Twitter spam campaign this weekend, has caught the attention of the FBI. By linking users’ Twitter accounts with their Gawker accounts, which includes anyone who has registered to be able to comment on posts on Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you use any of these sites, you should immediately change your password. If you use the same password on any other websites, you need to change it on all of them as well.

This list of the top 50 passwords used by Gawker and affiliated websites is educational, and serves to illustrate that (far too) many people use easy to guess, or crack, passwords.

LinkedIn did a good thing and checked the leaked user information, cross-referencing it with their own user database, and forced those users with matching user information to change their passwords. Good move!

There are lessons to be learned by end users, e.g., you, from this incident:

  • Never use the same username and password combination on more than one website.
  • Pick hard to guess passwords. Things like
  • Get a password management program like LastPass, 1Password, or KeePass and use it.

For more technical reading on this topic, see this excellent paper, Profiling User Passwords on Social Networks. Gawker also published an FAQ for this event on Lifehacker.

Comments are closed.