Wednesday, December 15, 2010

Spammers Were Offering $2K For The Gawker Database. Now They Have It For Free.

In the modern media equivalent of a Greek myth, the Gawker empire was hit hard over the weekend when it was revealed that a hacker group had infiltrated its commenter database via a vulnerability in its source code, exposing the user names and encrypted passwords for over 1.3 million commenters. To further drive the moral of this story home, the group, which goes by the name Gnosis, ran a dictionary attack and cracked about 188K of the easiest ones, like “password” or “qwerty,” and released the whole database and source code package in a torrent on Pirate Bay.

Apparently the Gawker data breach was no secret on the Internet (reports had been circulating for about a month), and people offered Gnosis money for the Gawker database before the release. According to a Gnosis representative who gave details to TechCrunch, the group received several offers, all in the vicinity of $2K, mostly from spammers and resellers, “certainly not for good.”

Already Internet nogoodniks are taking advantage of the exploit. A hack-related Twitter attack on Sunday forced users to tweet about the Acai berry diet. TechCrunch Senior Editor Erick Schonfeld fell prey to what looks like the second iteration of the Acai attack this morning. The New York Post reports that one woman had her entire life “turned upside down” when her social media accounts were taken over and used to post anti-Semitic messages. Behemoths LinkedIn, Yahoo and World Of Warcraft have all taken measures to protect against further attacks.

Because many people use the same password across multiple sites, this spammer’s delight is going to get worse before it gets better, especially if the attacks spread from social media to financial services. If you’ve ever commented on Gawker, it’s time to get an entirely new password for everything, even if your password (like both of mine) is still encrypted in the full_db.txt file. You can check if your information has been exposed here.
