A recent attack on Gawker Media, an online gossip Website, has enabled spammers to infiltrate thousands of Twitter accounts. The security breach, which compromised 1.3 million Gawker user account passwords was carried out on its servers this weekend thus affecting several users of the following media and technology sites run by Gawker Media: Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. Subsequently, a file containing the hacked passwords from Gawker Media’s servers were then published on 4Chan thus making it possible for spammers to break into thousands of Twitter accounts where users had used the same passwords for both sites.
More recently, a group called “Gnosis” released a 500MB file containing the information taken from Gawker on the file-sharing system Bittorent so that other hackers can download it. As a result, hundreds of thousands of Twitter users have seen their accounts compromised and messages sent promoting drinks made from Acai Berry (“I lost 9lbs using acai! You must try it! RT”). In reaction to the security breach, Gawker Media released the following statement on it’s Website:
“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords.”
While the exact number of Twitter accounts that were affected remains unknown, security experts are warning that every identity thief, spammer and hacker will be attracted to the password file thus those who have had their Gawker account details published can expect to be targeted. Users can therefore protect themselves by replacing their passwords with strong and complex ones for their different online accounts.
Fortunately, the damage caused by the breach is expected to be minimal as Gawker is believed to only store emails, user-names and passwords of its users. However, doesn’t this make you wonder how safe your data is on the Internet?