Gawker.com says its user database was compromised
Monday, December 13, 2010
NEW YORK (AP) — Gawker Media Inc. is urging subscribers to change their passwords because someone has managed to hack into the company’s user database.
The company, which runs a series of irreverent blogs on media, technology and other issues, said in a posting on its website Sunday that the commenting passwords used on the sites were encrypted, but simple ones could be vulnerable to attacks by hackers’ computers.
The company also said passwords on other sites should be changed if they were the same as the ones stored by Gawker Media.
“We’re deeply embarrassed by this breach,” the posting on gawker.com said. “We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems.”
Millions of people are likely affected by the breach because of the popularity of Gawker’s sites such as Gizmodo, a tech gadget news site, said Rich Mogull, CEO of Phoenix-based Securosis, a security research firm.
The damage should be minimal, though, because Gawker probably stored only e-mails, user names and passwords, Mogull said. The problem comes if people use the same passwords on other sites, such as online banking. The hackers likely were able to figure out easy passwords even though they were protected on the Gawker site by a simple algorithm, and could use them to access bank accounts, Mogull said.
The hackers could be upset about something written on one of Gawker’s sites, or they could be doing it for bragging rights, Mogull said.
“It’s kind of a juvenile thing. It’s like spray-painting,” he said.
Such attacks are very common and difficult to stop, as long as the hackers have enough time to try to breach the system, he said. “If someone is determined and knowledgeable, you can’t keep them out,” he said.
The attacks probably are unrelated to recent cyberspace attacks over the WikiLeaks site’s release of classified government documents, but Gawker could have angered some of the same people, Mogull said.
Last week, the Visa and MasterCard sites were inaccessible for a short time likely because of attacks by supporters of WikiLeaks. Supporters were angry that the credit card companies had stopped processing donations to WikiLeaks.
Both MasterCard and Visa said that cardholders’ accounts were not at risk and that people could continue using their credit cards.
Supporters of WikiLeaks, which has released thousands of classified government documents in recent weeks, said they would attack companies and groups hostile to the site and its founder. An Internet group operating under the label “Operation Payback” claimed responsibility for the MasterCard and Visa problems in messages on Twitter and elsewhere.
Messages were left Sunday night for Gawker chief Nick Denton.
Gawker’s Gizmodo tech blog gained fame in May when it posted pictures of an iPhone prototype. The phone was lost by an Apple Inc. engineer in a Silicon Valley bar.