Gawker Hacked – Database Exposed
Published in: Technology
Hackers have gotten a hold of the database containing usernames and passwords of roughly 1.4 million users who have posted a comment to the Gawker website or any of its popular affiliates, including lifehacker.com, gizmodo.com, jalopnik.com, jezebel.com, kotaku.com, deadspin.com and others.

They are not keeping this database to themselves either. They've uploaded the entire thing to the public torrent tracker thepiratebay.org, including their rough analysis of the database, plaintext credentials for a number of Gawker employees, 200,000 decrypted passwords they've cracked, as well as the entire 1.4 million encrypted usernames, email addresses, and encrypted passwords.

Technical details on the hack are fairly slim at the moment, but the hacking group Gnosis has claimed responsibility for it. This little tidbit was included in the upload of the database to thepiratebay.org:

"F@#$ you gawker, hows this for 'script kids'? Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds! You wanted attention, well guess what, You've got it now!"

It appears that Gnosis was able to guess the password of Gawker founder Nick Denton for his account on the Campfire team-collaboration portal that Gawker uses for internal communications and real-time chat amongst staff. Once Gnosis had access to this they were able to obtain a wealth of information from the reported 4 gigabytes of chat logs.

It seems that the password for the MySQL database was also disclosed somewhere in these logs. With the SQL credentials in hand, it was a trivial matter for Gnosis to dump large amounts of information, including usernames, email addresses, and encrypted passwords. Unfortunately the encryption used to protect the passwords was the ancient and deprecated Data Encryption Standard (DES) which uses a measly 56 bit encryption key.

WEB: WWW.REDSPIN.COM  PHONE: 800-721-9177  EMAIL: INFO@REDSPIN.COM
Due to this poor encryption scheme, any password over 8 characters is truncated to 8 before being stored in the database. Users with a password greater than 8 characters will not have the entire thing compromised, but access to their account will still be possible with the first 8 characters if cracked. Gnosis has cracked roughly 200,000 of the 1.4 million passwords contained in the database they dumped. All of the hashes are available for cracking by anyone who's interested and has some spare CPU power.

A rough analysis of the passwords cracked is pretty horrifying. Some gems:

  • 2000 passwords were 'password'
  • 150,000 passwords consisting of all lowercase words
  • 3000 passwords were '123456'
  • Nick Denton had a password consisting of all numbers

If you've ever made a comment on any of the Gawker sites then your information has likely been compromised as a result of this breach. Also, due to clowns using the same password on multiple sites there are reports of a number of twitter accounts and other social media sites having those accounts compromised as well.

Don't use the same password for everything. This can't be stressed enough. Use a different password, or a variation of the same password.

Slate has rigged up a little widget on their site that claims to check email addresses against the compromised database to see if you're a victim. Find it here: http://www.slate.com/id/2277768/

Written by Redspin Engineer, Mark Marshall, aka fulg0re
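An added example, not part of the Redspin write-up, that models the 8-character truncation described above: the "legacy" verifier is a stand-in that reproduces only the cut-off behaviour of a crypt(3)-style DES scheme (it is not DES), placed beside a PBKDF2 verifier that covers the whole password; the salt, iteration count and sample passwords are constructed values.

```python
import hashlib
import hmac

# Model of the legacy scheme: only the first 8 characters of the password
# influence the stored value. This is NOT a DES/crypt(3) implementation; it
# reproduces the truncation behaviour described in the text and nothing else.
LEGACY_MAX_CHARS = 8


def legacy_hash(password: str, salt: bytes) -> bytes:
    truncated = password.encode("utf-8")[:LEGACY_MAX_CHARS]
    return hashlib.sha256(salt + truncated).digest()


def legacy_verify(stored: bytes, salt: bytes, candidate: str) -> bool:
    # Any candidate sharing the first 8 characters verifies successfully.
    return hmac.compare_digest(stored, legacy_hash(candidate, salt))


# Hardened replacement: salted, iterated hash over the full password using
# PBKDF2-HMAC-SHA256 from the standard library (iteration count is assumed).
PBKDF2_ITERATIONS = 100_000


def modern_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def modern_verify(stored: bytes, salt: bytes, candidate: str) -> bool:
    return hmac.compare_digest(stored, modern_hash(candidate, salt))


def compare_schemes(password: str, candidates: list, salt: bytes) -> dict:
    """For one real password, report which candidates each verifier accepts.

    Returns {candidate: (legacy_accepts, modern_accepts)}.
    """
    legacy_stored = legacy_hash(password, salt)
    modern_stored = modern_hash(password, salt)
    return {
        c: (legacy_verify(legacy_stored, salt, c),
            modern_verify(modern_stored, salt, c))
        for c in candidates
    }


if __name__ == "__main__":
    # Constructed sample: a long password and guesses that share its prefix.
    salt = b"constructed-salt"
    for cand, (old, new) in compare_schemes(
        "correcthorsebattery",
        ["correcth", "correcthorse", "correcthorsebattery", "wrong"], salt
    ).items():
        print(f"{cand!r}: legacy={old} modern={new}")
```

With the legacy scheme the 8-character prefix alone authenticates, which is exactly why a cracked truncated hash still opens the account; the PBKDF2 verifier accepts only the full password.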