This weekend, the hacker group known as Gnosis released a database full of usernames and passwords associated with accounts at the popular blog network Gawker. The attack apparently stemmed from Gawker’s alleged mocking of hackers associated with the forum 4chan, who had previously attempted to bring down Gawker’s servers. That earlier attempt, which failed, was reportedly spurred on by Gawker’s coverage of a harassment campaign launched by 4chan members against an 11-year-old YouTube user known as Jessi Slaughter, who had provoked the ire of trolls on the web. After the first attempt to intimidate and harass Gawker’s bloggers, the blog posted a derisive report of the 4chan hackers’ failed attempts.

The next round of attacks, however, was successful, and thousands of email addresses, usernames and passwords were released to the public via a torrent published on PirateBay. In addition, the dump included a list of usernames and email addresses with encrypted passwords, which allegedly could be easily deciphered.

Gawker responded to the data breach by sending emails to all of the users who may have been affected. In order to comment on Gawker blogs, which include Lifehacker, Jezebel and Fleshbot, users must register with the website. Users who had used the same password for their Gawker commenter accounts as for other sites were urged to change and strengthen all of their passwords.

Since the attack and Gawker’s response, the FBI has reportedly begun investigating the data breach. PCMag reported that an FBI spokesperson had confirmed that the FBI in New York was aware of the attacks and was looking into them.

This massive leak of usernames and passwords highlights several key issues in online security. For one, it stresses how important it is for webmasters and online service providers to exercise responsibility in stewarding the personal information of their users. Equally emphatic is the call for individual users to adopt more secure practices in creating their own usernames and passwords. A startling number of the exposed passwords were weak, containing only lowercase letters from dictionary terms. Administrators at Gawker were among those who had notably weak passwords. Even more alarming was the number of users who had easily guessable passwords, such as “password,” “qwerty” or their own first names.

While the aftermath of this massive password leak has yet to be fully measured, the most prominent impact has been a rash of hijacked Twitter accounts advertising Acai products and spreading a worm. Also, many of those whose email addresses were revealed in the database have been subjected to phishing attempts from scammers masquerading as Lifehacker or Gawker staff.