Gawker Media, the publisher of a number of technical blogs, has been hacked in what appears to be a revenge attack for comments critical of 4Chan.
The comment system for Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot was breached, and the content management system is also believed to have been affected. Anyone who’s ever posted a comment on one of the sites could potentially be vulnerable.
Users who connected via Facebook are believed to be fine, but those who used Twitter may find that they are now inadvertently tweeting spam messages referring to ‘Acai Berries’.
A group named Gnosis has taken responsibility for the attacks, releasing a somewhat wordy explanation – as well as source code, passwords for Nick Denton and other senior Gawker staff and transcripts of internal communications. The full 500MB document is available as a Torrent file on Pirate Bay.
Very embarrassingly for Denton, it seems he uses the same password for Google Apps, Twitter and the company’s Campfire internal chat system. Amongst commenters on the site, it seems, several thousand use ‘password’ as their password.
“You would think a site that likes to mock people, such as Gawker, would have better security and actually have a clue what they are doing,” it reads. “But as we’ve proven, those who think they are beyond our reach aren’t as safe as they would like to think!”
The hackers claim to have accessed over 1.3 million user names and passwords, in response to a comment on Gawker’s Campfire site. They cite a comment from Gawker reading: “We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012” as provocation.
Gawker became aware of the attack yesterday. The company says it’s ‘deeply embarrassed’ by the breach and is warning users to change their passwords – particularly if they use the same password for other services.
Gawker has been consistently critical of 4Chan, prompting a DDoS attack on the company’s sites back in July.