Gawker Media Servers Compromised

A group going by the name of "Gnosis" has claimed credit for compromising the email addresses and passwords of some 200,000 registered users of Gawker Media services, a major on-line and blogging media company, over the weekend, reports this story at ComputerWorld. Other stories (like here and here) claim well over a million accounts have been compromised.

According to this message at Lifehacker, one of the sites compromised,

"This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot."

The ComputerWorld story goes on to say that:

"The compromised information is now available in a 487 MB file, which can be downloaded from peer-to-peer networks using a torrent now indexed on The Pirate Bay. Other information in the file includes something called 'gawker_redesign_beta.jpg' as well as Gawker's server kernel versions. "

A post at the Gawker site it says,

"The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords."

"We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us."

io9 is calling the event Hackerpocalypse.

And finally, this story at eWeek says that the compromised emails have already led to a spam campaign using Twitter. More spam and phishing attacks as well are probably likely.