Chris Hall

Principal Technical Consultant

On the weekend of 11 and 12 December 2010 it was discovered that the servers of Gawker Media (which includes the websites Gawker, Deadspin, Kotaku, Jezebel, io9, Jalopnik, Gizmodo, Lifehacker and Fleshbot*) had been hacked.

Nearly 1.25 million commenter user accounts, including more than 500,000 user e-mails and more than 185,000 decrypted passwords, were posted to the Pirate Bay, available for anyone with the time or inclination to download.

Of course, this security breach is potentially extremely serious for those who use common credentials across multiple online accounts.

Although the data retrieved from Gawker was encrypted, it is reported that the encryption is easily reversible.

As an example, Twitter is reportedly already seeing a mass Acai Berry spamming campaign emanating from compromised accounts.

So the obvious question on the mind of anyone who has ever commented on any of these sites: has my email address / password / username been leaked through the Gawker database hack?

Am I affected?
Option 1:

1. Visit this website, type your email address in the input box and click MD5. This will generate an MD5 hash of your email address. Copy the string to your clipboard.

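Alternatively, if you don't fancy posting your email address into yet another website and are running Linux, use this command to obtain the MD5 hash of your email address (replace the placeholder with your own address):

# printf '%s' hashes the address alone; a here-document or plain echo
# would append a newline and produce a different hash
printf '%s' 'you@example.com' | md5sum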

2. Open this Google Fusion Table, click on “Show Options” and choose “MD5” from the drop-down. Paste the MD5 string generated above into the input box and click Apply.

If you see a matching row, it’s time to change your Gawker password ASAP and change any other online accounts where you may be using that same ID / email address.
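
As an added example (not part of the original post), here is the offline equivalent of Option 1: hash each address locally and look it up in a saved copy of the hash list. It assumes you have the MD5s of the leaked addresses in a text file, one hex digest per line; the helper names, addresses and list below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The addresses and the hash
# list used in the demo are constructed sample data.

# MD5 of the exact address bytes, with no trailing newline.
email_md5() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# What a here-document or plain `echo` would hash: the address plus "\n".
email_md5_with_newline() {
    printf '%s\n' "$1" | md5sum | cut -d' ' -f1
}

# is_listed EMAIL FILE: exit status 0 if the address's MD5 is in FILE.
# FILE holds one hex digest per line; CRLF endings and upper-case hex are tolerated.
is_listed() {
    tr -d '\r' < "$2" | grep -qixF "$(email_md5 "$1")"
}

# check_all FILE EMAIL...: prints one line per address;
# exit status 0 if at least one address is listed, 1 if none are.
check_all() {
    list=$1; shift; hits=0
    for addr in "$@"; do
        if is_listed "$addr" "$list"; then
            echo "LISTED      $addr"; hits=$((hits + 1))
        else
            echo "not listed  $addr"
        fi
    done
    [ "$hits" -gt 0 ]
}

# Demo: a constructed list that contains one of the two sample addresses.
demo_list=$(mktemp)
email_md5 'alice@example.com' | tr 'a-f' 'A-F' > "$demo_list"   # upper-case on purpose
check_all "$demo_list" 'alice@example.com' 'bob@example.com' || true
echo "correct hash:      $(email_md5 'alice@example.com')"
echo "newline-polluted:  $(email_md5_with_newline 'alice@example.com')"
rm -f "$demo_list"
```

The two hashes printed at the end differ, which is why a digest computed with a stray newline never matches a list built from the bare addresses.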


Option 2:
As linked to by Gawker themselves, use this online tool.

For further information and an apology from Gawker, see this Lifehacker post.

Finally, here is a nice little way to construct secure individual website passwords from the security team at Mozilla:


Have fun and STAY SECURE!

- Chris

------
*Fleshbot: Having never heard of Fleshbot, I googled it. Hmmm. Mistake. Here is how Gawker themselves carefully and succinctly describe their Fleshbot service: http://advertising.gawker.com/titles/fleshbot/