Most people are recommending that everyone change their Gawker password. I recommend avoiding Gawker entirely until they get their security holes fixed. There’s plenty of reason to assume that Gawker’s source code has been compromised and malware installed. Change all of your other passwords and avoid Gawker Media sites altogether.
Here’s some information from the hacker’s readme.
After gaining access to Gawker’s MySQL database we stumbled upon a huge table containing ~1,500,000 users. After a few days of dumping we decided that 1.3 million was enough.
Gawker uses a really outdated hashing algorithm known as DES (Data Encryption Standard).
Because DES has a maximum of 8 chars, using a password like “abcdefgh1234”, only the first 8 characters “abcdefgh” are encrypted and stored in the database. If your password is longer than 8 characters you only need to enter the first 8 characters to log in!
YA DONT SAY!! :D?
Because of this we were only able to recover the first 8 characters of someone’s password!
If the password is 8 characters long there’s a good chance that it might be longer than 8 characters! But still, there’s 1000’s of people using 1 – 8 character passwords for us to have some fun with!
We managed to crack ~200,000 hashes, if you want the rest of them cracking
DO IT YOUR FUCKING SELF! >:3
Here’s a quote of encouragement for gawker users from Scott:
“We’ll continue to look into this, but as I commented on your site earlier, we have no evidence that any of our readers’ user accounts/passwords have been compromised. They are not stored in plain text and are on entirely different systems than the third-party hosted Campfire screenshots that appear in this article.
There’s no evidence to suggest any Gawker Network user accounts were compromised, and passwords are encrypted (not stored in plain text) anyway, so stealing passwords isn’t even possible.”
Yeah, that’s not true because hundreds of thousands of passwords were decrypted, including those of Nick Denton and all of the Gawker writers, such as Richard Lawson.
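The 8-character truncation the readme describes, as an added example (not code from the original post or the readme): assuming the traditional Unix crypt(3) DES scheme, the key is built from the low 7 bits of the first 8 password bytes, so longer passwords collapse to the same key. The `classify` and `audit` helpers, the usernames and the sample rows are hypothetical and show how a defender can flag such legacy hashes in a user table for re-hashing.

```python
import re

# Traditional crypt(3) DES output: 2 salt chars + 11 hash chars from this alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular-crypt prefixes of schemes that do not cut the password at 8 characters.
MODERN_PREFIXES = ("$2a$", "$2b$", "$2y$", "$5$", "$6$", "$argon2id$")


def des_crypt_key(password: str) -> bytes:
    """Key material crypt(3) DES uses: low 7 bits of the first 8 bytes only."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b << 1) & 0xFF for b in raw)


def same_des_key(a: str, b: str) -> bool:
    """True when two passwords are indistinguishable to crypt(3) DES."""
    return des_crypt_key(a) == des_crypt_key(b)


def classify(stored: str) -> str:
    """Label a stored password hash by its format (assumed schema: one string)."""
    if stored.startswith(MODERN_PREFIXES):
        return "modern"
    if DES_CRYPT_RE.match(stored):
        return "legacy-des-crypt"
    return "unknown"


def audit(rows):
    """Return usernames whose stored hash should be re-hashed at next login."""
    return [user for user, stored in rows if classify(stored) == "legacy-des-crypt"]


# Constructed rows: placeholder strings in the right shape, not real hashes.
SAMPLE_ROWS = [
    ("alice", "ab0123456789."),
    ("bob", "$2b$12$" + "A" * 53),
    ("carol", "$6$constructedsalt$" + "B" * 86),
    ("dave", "d41d8cd98f00b204e9800998ecf8427e"),
]

if __name__ == "__main__":
    print(same_des_key("abcdefgh1234", "abcdefgh"))
    print(audit(SAMPLE_ROWS))
```

Rows labelled `unknown` need manual review, since a 13-character match is only a format heuristic.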
And here’s an internal Gawker chat.
Here’s an amusing chat log from the campfire where they think they’d actually won!
Apparently they’re not scared of 4chan, and Brian M invites us all to suck on his micro penis leading us to believe he is gay!
it appears that there is dissent among the 4channers as to whether 4chan’s attack on us means 4chan is pathetic and unscary now.
“this is ryan tate… reporting live… from the 4chan attack…
casualties here are high… richard lawson has been keening for
over an hour, tearing at his hair and clothing… the air is
thick with smoke…” you’ll win a pulitzer!
be sure to point out that they are dorks for doing that.
I really hate the fucking internet. carry on!
Jim you should make an angry video response.
10 Things 4Chan Users Should Do Rather than Attack Us
tell em what’s what.
that’s what I would write
“fuck all of this, I’m going Luddite”
when my personal webserver goes down I am blaming all of you
no wait, I already do
how long did we go down for? (TWSS amirite hamno?)
srsly though, anyone remember? or was it just slooowwwww
i don’t think we actually went down — slowed a little, but not much?
The headline of your post should be “Suck on This, 4Chan”
I like the call to make today Everybody Write About 4chan Day
Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)
We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012
don’t forget Fourth Floor
Right! And Brian’s headcut illustration
As the lead image
Oh, 4Chan does not want to mess with me once I wind my neck up at them
has entered the room
hey guess what, 4chan has already declared gawker the winner of the 4chan war! we won!
what’d they say?
MR. OBAMA, TEAR DOWN THAT MOSQUE!
they say that this day will go down in history as the day 4chan failed.
they’ve been demoted to 3chan
I guess you all spoke too soon, you might have won the battle but the war is far from over!
While you were all busy jerking each other off we were slowly picking at your server.
Let’s see if Ryan’s still “Not Scared of 4chan” after this lol.
Also Maureen, not one person on 4chan decides for the whole collective.
WHO’S LAUGHING NOW LOL?
You would think a site that likes to mock people, such as gawker, would have better security and actually have a clue what they are doing. But as we’ve proven, those who think they are beyond our reach aren’t as safe as they would like to think!
You Can’t Delete Your Gawker Account. December 13, 2010.