Time to change the passwords!



mDust
12-13-2010, 12:13 AM
The Gawker Media user database was just hacked and is available for download by anyone that wants it. This includes users of Gizmodo, Gawker, Kotaku, Lifehacker, Jalopnik, Deadspin, Jezebel, and io9.



Edited by Oneslowz28 to remove link.

BuzzKillington
12-13-2010, 03:27 AM
I hate black-hats with a passion.

Diamon
12-13-2010, 04:03 AM
Penetration testing at its best

Oneslowz28
12-13-2010, 01:13 PM
I removed the link, as I feel that we should not be promoting the download of stolen data. Falls into our anti-piracy rules.

mDust
12-13-2010, 01:39 PM
> I removed the link, as I feel that we should not be promoting the download of stolen data. Falls into our anti-piracy rules.

:?
The link wasn't to the stolen passwords, it was to the article warning people to change their passwords before their account gets hacked...

...wait a second...

HE'S ONE OF THEM! :D

Oneslowz28
12-13-2010, 03:26 PM
Oh, my bad. I thought it was to the database download. I apologize. Please post it again.

mDust
12-13-2010, 03:59 PM
> Oh, my bad. I thought it was to the database download. I apologize. Please post it again.

Haha! Yeah, I meant it's time for people to change their passwords before the hackers get into their account, not a rally cry to maliciously change all these people's passwords...or worse...
http://yro.slashdot.org/story/10/12/12/2234252/Gawker-Source-Code-and-Databases-Compromised

x88x
12-13-2010, 04:03 PM
Makes me glad of two things:
1) I use a different password for just about every site.
2) I don't have a Gawker Media account. :P

EDIT:
Using a different password for each site does get difficult sometimes when the site has stupid password restrictions...I was on some site the other day, I think it was T-Mobile, and they had a length requirement of 7-11 characters.. -_^ WTF? a) Knowing that, their restricted character space (a-z, A-Z, 0-9, and a handful of special characters..all spelled out on their site), and whatever hash they use, I could generate a hash table in about 2 minutes. And b) all of my passwords that I care about are at least 16 characters long...

EDIT2:
What's even worse is when the site can't even handle its own supposed password limits. I can't tell you how many times I've had to make an account on a site that said it could handle x-16 character passwords...that would break when I tried to use a 16 character password.. :facepalm:

EDIT3:
Hmmm...apparently I do have a Gawker account...though I don't remember making one...hmmm, I wonder what my password was. :think:

Diamon
12-14-2010, 01:28 PM
Dunno if it's still like this but it wasn't long ago that Windows Live saved all passwords in plain text -_-. It's MS so they prolly still do.

x88x
12-14-2010, 03:03 PM
> Dunno if it's still like this but it wasn't long ago that Windows Live saved all passwords in plain text -_-. It's MS so they prolly still do.

IDK about Windows Live, but I know the professional version (OCS) uses, iirc, SHA-1 on their saved passwords. Dirty little secret though...Pidgin still saves everything in plaintext.. :no:

luciusad2004
12-14-2010, 10:37 PM
I'm glad someone posted about this! I was going to stop by and mention the same thing as I frantically travel around the internet and change all of my passwords. I can't remember things that well so I always use the same password. Looks like I'm going to have to come up with a system to create moderately "unique" passwords for each website I use. I naively thought this would never happen to me. The scary part is that the email I registered my Gawker account with is the same one I registered my PayPal with; both sites also had the same password. I consider myself lucky to still have money in the bank.

x88x
12-14-2010, 11:11 PM
> Looks like I'm going to have to come up with a system to create moderately "unique" passwords for each website I use.

Passphrases. That is the answer. Easy to remember, but make them as long as possible and mix in caps, lower-case, numbers, and special characters, and you can have ridiculously strong passwords. I have a couple different passphrase templates that I use and incorporate something about each site into the phrase. That way it's easy to remember and unique to every site.

luciusad2004
12-14-2010, 11:38 PM
> Passphrases. That is the answer. Easy to remember, but make them as long as possible and mix in caps, lower-case, numbers, and special characters, and you can have ridiculously strong passwords. I have a couple different passphrase templates that I use and incorporate something about each site into the phrase. That way it's easy to remember and unique to every site.

That's exactly what I was thinking of doing. My current "good" password is a pass phrase with letter>number replacement and special characters but I think its critical failing is that it's not tailored to each site. It's long though and most of my friends who see me unlock my computer always comment that it's ridiculously long. I generally don't use that one for internet stuff though.

I might also come up with perhaps a number of good templates and have different password "groups", like one for blogs and forums, or general Internet use, then a separate template for things like my PayPal, eBay, and bank account. That way if Joe Blow hacks Gizmodo, I don't have to worry about ALL of my passwords but just passwords in that "group".

I also thought about just setting up a password manager on my computer with a good master password and then just randomly generated passwords for everything, but I was always kind of iffy on those sorts of programs.

Diamon
12-15-2010, 10:42 AM
> It's long though and most of my friends who see me unlock my computer always comment that it's ridiculously long.

Bet you don't have a BIOS password so anyone can still access all your files with a live CD :P

luciusad2004
12-15-2010, 11:15 AM
> Bet you don't have a BIOS password so anyone can still access all your files with a live CD :P

This is true lol. I don't see any of my roommates wanting to do that though; this just keeps them from logging in and messing with my stuff like my Facebook or chat client while I'm not at my PC.

Plus I imagine if someone did want to do that, and had the know-how to throw in a live CD and boot into Linux, they could probably just take my hard drive out and do it on their own computer if I had a BIOS password or not.

x88x
12-15-2010, 01:08 PM
> Bet you don't have a BIOS password so anyone can still access all your files with a live CD :P

On my desktop, no, and I don't really have a strong password on it either since I figure if someone untrustworthy has access to that, I have bigger security issues.

My laptop, however, is a different matter entirely. BIOS password to lock power-on, full-drive encryption, and 16 character not even remotely dictionary password. I used to use the HDD power-on password lock that my laptop supports as well, but got burned when I upgraded to an SSD and couldn't remember the master password to remove the password lock on the HDD...so I leave that alone. Full-drive encryption is good enough for me. I suppose if I were even more paranoid I could put the boot sector (only part that has to be unencrypted) on a flash drive, but, well, I'm not..so there. :P

AmEv
12-15-2010, 01:34 PM
> ...they could probably just take my hard drive out and do it on their own computer if I had a BIOS password or not.

Since we're on the topic of passwords and security....
One of the quirks I like about Linux is, you have the option of encrypting the home folder until login.
Don't know how secure it is tho.

billygoat333
12-15-2010, 06:47 PM
> On my desktop, no, and I don't really have a strong password on it either since I figure if someone untrustworthy has access to that, I have bigger security issues.
>
> My laptop, however, is a different matter entirely. BIOS password to lock power-on, full-drive encryption, and 16 character not even remotely dictionary password. I used to use the HDD power-on password lock that my laptop supports as well, but got burned when I upgraded to an SSD and couldn't remember the master password to remove the password lock on the HDD...so I leave that alone. Full-drive encryption is good enough for me. I suppose if I were even more paranoid I could put the boot sector (only part that has to be unencrypted) on a flash drive, but, well, I'm not..so there. :P

hmm... I really do need to upgrade the security on my laptop, probably should be doing this! lol

Luthien
12-16-2010, 02:14 PM
Password changes are always a good idea...I just hate trying to remember them all.