13 December 2010

Gawker hacked, CHANGE YOUR PASSWORDS!

Sorry if this has already been addressed, I seem to be about a day late to the party, but I figured it couldn't hurt to repost this post I made over at Mefightclub.

I woke up this morning and Google told me someone had been trying to fuck around with my account, and made me confirm a code they sent to my cellphone and advised me to change my password.
I then go to Twitter to talk about how weird that was, and what the deuce, my password had been changed! I changed it back and asked wtf was going on.
BitterOldPunk later made a tweet saying someone tried to change his Twitter password too.
Then I saw another person I follow on Twitter complained that her Facebook had been hacked.

BitterOldPunk asked if I thought it was related to the Gawker hack.

The what?

Woops. Looks like Gawker got hacked.

If any of you think you might have logged into Gawker at some point, you should change your passwords.

I was all but positive I'd never logged into that site in my life. But I did some googling.

I found this Google Document, which contains MD5s of the email addresses that were hacked.
To see if your email address is among them, go to this page and convert your email address into MD5.
On the top left of the Google Document, click "show options," select MD5, and search for the hash.

Sure enough, my hash was there. Mystery solved.
Luckily I'm smart enough to have used a different password for my gmail than for everything else, so they weren't able to lock me out of my gmail and other accounts.
Unfortunately I'm stupid enough to use the same password for quite literally everything else. So I'm going to be spending most of the day changing my passwords for just about everything that uses one.

Hooray learning experiences that don't end terribly.
posted by mudpuppie 13 December | 14:20
Thanks for posting this, CF. I'd read about the Gawker hack (never used it, but I checked my email addys anyway) but didn't realize people were seeing trouble on Twitter and Facebook from it, too.
posted by BoringPostcards 13 December | 14:31
Hmmm. Lifehacker is one of those sites, isn't it? I had a login there, but I don't even remember the password anymore.
posted by DarkForest 13 December | 14:32
holy f***.. I don't recall ever signing up to gawker but my primary email address' md5 is up there

jesus christ were they storing passwords in plaintext or md5 or what?
posted by Firas 13 December | 14:33
Terrible news. I did have a Gawker account, but thankfully, the published password was some Gawker generated randomness I don't use for anything else.
posted by ThePinkSuperhero 13 December | 14:48
Avoid the rigmarole and just use Slate's widget.

Firas, it appears the hackers got way inside the firewall, so all bets are off.
posted by dhartung 13 December | 17:28
My account wasn't messed with yay! But I went ahead and changed the password.
posted by deborah 13 December | 18:35
I use that userid/pw combo for all sorts of sites. Changed MeFi, MeCha, NYTimes, Gawker. Gmail uses diff pw. Cannot remember where else I have accounts.

people who want me to sign up, but then don't protect my info, piss me off.
posted by theora55 13 December | 19:19
What is an md5?
posted by Doohickie 13 December | 20:05
doohickie it's a way of creating a signature from text so instead of storing like "orange" it stores [random string of characters] that is created by putting "orange" through that function

you can't take the random string of characters and get "orange" back but.. the way they crack it is they put common words like "orange" through the hashing system and compare it to the hashes they have, then they know your password is "orange" if the signatures match up with the common word's signature
posted by Firas 13 December | 20:16
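
An added example, not part of the thread or any poster's code: the comment above describes matching stored hashes against hashes of common words, so this sketch audits a set of unsalted MD5 records that way and puts a salted, slow hash (PBKDF2) beside it for contrast. The wordlist, account names and round count are constructed for illustration, and nothing here claims to show how Gawker actually stored passwords.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist (not taken from the thread or from any leak).
COMMON_WORDS = ["password", "123456", "orange", "letmein"]
PBKDF2_ROUNDS = 600_000  # assumption: work factor picked for this example


def md5_hex(text):
    """Unsalted MD5 of a string: the storage scheme the comment describes."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def audit_unsalted(stored, wordlist):
    """Return {user: word} for each stored unsalted MD5 that matches a common word.

    The lookup table is built once and reused for every account, which is why
    a fast unsalted hash gives so little protection to common passwords.
    """
    table = {md5_hex(word): word for word in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password, salt=None):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed accounts: two users share a common password, one does not.
    stored = {"user_a": md5_hex("orange"), "user_b": md5_hex("orange"),
              "user_c": md5_hex("kV7#tq9!zLw2")}
    print("unsalted MD5 matches:", audit_unsalted(stored, COMMON_WORDS))
    salt_a, rec_a = hash_password("orange")
    salt_b, rec_b = hash_password("orange")
    print("same password, same salted record?", rec_a == rec_b)
    print("correct password verifies:", verify_password("orange", salt_a, rec_a))
```

With a per-user salt, two accounts sharing a password no longer share a stored value, so one precomputed table cannot be reused across the whole user list.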
So if I've never set one up, there wouldn't be one for me?
posted by Doohickie 13 December | 20:29
you can check if your email address was compromised over here:
posted by Firas 13 December | 20:33
so just out of curiosity I asked gawker to reset my password so I could login and I put in my email address and I got a login for this username: "UmbertoIapetus" that has one valleywag comment from 2008 associated with it.. I have no idea what that username means, maybe it was randomly assigned..
posted by Firas 13 December | 20:40
Sigh. I've got about 75 passwords to change. Been working on it for two days now.
posted by octothorpe 13 December | 21:17
I entered my email address into those checksites & they said my account wasn't compromised, but I've still taken this opportunity to change a bunch of passwords.
I think I got an account because I felt an overwhelming urge to reply to something Jess McGuire said.
*shakes fist at Jess McGuire*
I have base 4 passwords I've been using variations of for anywhere from 5 - 16 years.
The 4 passwords are totally different. Every now & then I'll switch case or use characters instead of numbers. One of them is sacrificial, one is used for important financial accounts.
Now I have a shit load of gobbledygook passwords I'll never remember & I'll get locked out of most of them.
DAMN YOU JESS MCGUIRE and all your colleagues in the Denton network.
posted by goshling 15 December | 06:08
