Passwords compromised at Gawker, Gizmodo, Lifehacker, Kotaku, Deadspin and more..

Graham Cluley
Graham Cluley
@
 @grahamcluley.com
 @[email protected]

Gawker logoFollowing a security breach at Gawker Media, computer users who have left comments on websites such as Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot are being advised to change their passwords as a matter of priority.

In a statement published on their websites, the media group said:

We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security - and of trust. We're working around the clock to ensure our security (and our commenters' account security) moving forward.

If you've registered an account on any Gawker Media web site (that includes Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, or Fleshbot), and you didn't log in using Facebook Connect, then it's best to assume that your username and password were included among the leaked data.

Sign up to our free newsletter.
Security news, advice, and tips.

Up to 1.3 million passwords are said to have been stolen from the websites by a hacking group calling itself Gnosis. The grabbed credentials were then posted up on Pirate Bay, allowing others – potentially – to compromise accounts.

Further details about how to proceed are available in their FAQ on the subject. If you’ve commented on the above list of websites I would recommend that you check out the FAQ as a matter of priority to ensure that your other online accounts are safe.

So, time to learn two important lessons. Never use the same password on multiple websites and – when changing your password like in situations like this – make sure that it’s not a dictionary word that is easy for hackers to crack.

[youtube=http://www.youtube.com/watch?v=VYzguTdOmmU&w=500&h=311&rel=0]

Update: The security breach has been implicated in a widespread Acai Berry spam attack which has hit Twitter users hard, emphasising the need to use different passwords on different websites.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.