Support NeoGAF

D4Danger · Dec 13, 2010

If you have an account on any Gawker site you should probably change your password

So, here we are again with a monster release of ownage and data droppage.

Previous attacks against the target were mocked, so we came along and raised the bar a little.

Fuck you gawker, hows this for "script kids"?

Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds!

You wanted attention, well guess what, You've got it now!

Some Gawker employees got their emails, twitter accounts, dropbox accounts hacked. Also servers, databases, chat logs, everything basically.

full story / code dump -> ~~http://pastebin.com/9rRmf6W5~~ (dead link, it was just the readme.txt file from the torrent)

response -> http://gawker.com/5712615/commenting-accounts-compromised-++-change-your-passwords

Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords.

We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us. For tips on creating strong passwords, see this post on Lifehacker.

and that kids, is why you don't say bad things about Anonymous.

---

adding this to the OP

shagg_187 said:
Will repeat one last time: there are torrents out there with passwords.

Three folders:
"Dumb_passwords.txt" which are, as the file says, dumb passwords (same as one listed on website above). 133kb filesize
"Parsed_db" which is a small portion/sample of the database (64,000+ accounts). 8850kb filesize
"Full_db" which is the entire database with shitloads of passwords (1.3 million accounts). A whooping 73,468kb of filesize (which is A LOT for simple text)!

Good luck!

---

Should I be worried?

If you use the same password everywhere (bad) and you're in here then yes, you should be and you should spend the next 10 minutes changing the password to anything that's important to you.

The passwords are hashed so you might think you're safe but those are 100% useless and easily decrypted.

If you want to check to see if your account has been compromised do this

shagg_187 said:
Follow these steps:

1. http://pajhome.org.uk/crypt/md5/
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. http://www.google.com/fusiontables/DataSource?dsrcid=350662
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If it does then your password has been compromised and sooner or later will be hacked if they feel like it.

if you get a hit then your password, email and account name are in the torrent.

update

here's an even easier tool to check

http://www.slate.com/id/2277768

just enter your email and it will tell you if it's in there.

Lard · Dec 13, 2010

If only they'd DDOSed Kotaku.

DeathbyVolcano · Dec 13, 2010

And that's why Anonymous is fucking stupid and just a bunch of manchildren who are fucking butthurt, wahhhhh

wenis · Dec 13, 2010

:lol :lol this made my day a little better....from -20 to -10.

nyong · Dec 13, 2010

Script kids is exactly what they are, though. A bunch of angsty anti-social wannabe hacker teens.

BertramCooper · Dec 13, 2010

DeathbyVolcano said:
And that's why Anonymous is fucking stupid and just a bunch of manchildren who are fucking butthurt, wahhhhh

.

Drkirby · Dec 13, 2010

Who is Gawker?

Lunchbox · Dec 13, 2010

whats gawker? what did they do to mock?

Jintor · Dec 13, 2010

Gawker media, a network of blogsites that spew vacant nothingness into the void

shuri · Dec 13, 2010

this has nothing to do with anonymous.

edit: disreguard that, I SUCK COCKS!

D4Danger · Dec 13, 2010

Drkirby said:
Who is Gawker?

Kotaku, Gizmodo, Lifehacker and some others

http://en.wikipedia.org/wiki/Gawker_Media

they all feed into the same site so if you have an account on one of those there's a chance it's been compromised.

blame space · Dec 13, 2010

BLOGGING!!!

Zozz · Dec 13, 2010

DeathbyVolcano said:
And that's why Anonymous is fucking stupid and just a bunch of manchildren who are fucking butthurt, wahhhhh

They were being called out on. It would have been bitches if they didn't do anything. If someone calls you out on something, you gotta hit them back in some way otherwise you're gonna look like a bitch.

Shao Kahn Brewing a Stew · Dec 13, 2010

Holy shit, the amount of passwords named "password" in that page is atrocious.

Elfforkusu · Dec 13, 2010

Gawker still uses RHEL4? C'mon, dudes, get with the times!

Jenga · Dec 13, 2010

wasn't done by 4chan

http://yro.slashdot.org/story/10/12/12/2234252/Gawker-Source-Code-and-Databases-Compromised

have been released as a BitTorrent by a group of hackers called Gnosis

BertramCooper · Dec 13, 2010

Zozz said:
They were being called out on. It would have been bitches if they didn't do anything. If someone calls you out on something, you gotta hit them back in some way otherwise you're gonna look like a bitch.

Get called out.

Commit a felony.

AdviceDog.jpg.

GavinGT · Dec 13, 2010

Link to original article trashing Anon?

Jintor · Dec 13, 2010

Jenga said:
wasn't done by 4chan

http://yro.slashdot.org/story/10/12/12/2234252/Gawker-Source-Code-and-Databases-Compromised

have been released as a BitTorrent by a group of hackers called Gnosis

You can be a 4chan/anon and still be a member of a hacking group

Dragon · Dec 13, 2010

shagg_187 said:
Holy shit, the amount of passwords named "password" in that page is atrocious.

You're surprised by the stupidity of man? Number one rule: People are lazy. Not to mention some of these websites (Yes I look at you monoprice!) don't even encrypt their passwords. Those lazy fucks.

Jenga said:
wasn't done by 4chan

http://yro.slashdot.org/story/10/12/12/2234252/Gawker-Source-Code-and-Databases-Compromised

have been released as a BitTorrent by a group of hackers called Gnosis

Noooooooooooooooo. KOS-MOS!!!

Jenga · Dec 13, 2010

Jintor said:
You can be a 4chan/anon and still be a member of a hacking group

but they didn't take credit for it so it matters little no?

Lkr · Dec 13, 2010

i think i have a kotaku account...but what is the point in changing the password now if its already been hacked?:lol

hateradio · Dec 13, 2010

GavinGT · Dec 13, 2010

Obligatory: http://www.youtube.com/watch?v=DNO6G4ApJQY

Lunchbox · Dec 13, 2010

Lkr said:
i think i have a kotaku account...but what is the point in changing the password now if its already been hacked?:lol

password123456

Celsior · Dec 13, 2010

Hacking solves all issues

and forms worse ones

Zilch · Dec 13, 2010

How are people unaware of what Gawker is? New to teh internets?

eosos · Dec 13, 2010

Anyone else trying those FTP server and password combos? I am and the thq works. Don't know about the rest but there are screenshots of stuff that's probably old.

D4Danger · Dec 13, 2010

Jenga said:
wasn't done by 4chan

http://yro.slashdot.org/story/10/12/12/2234252/Gawker-Source-Code-and-Databases-Compromised

have been released as a BitTorrent by a group of hackers called Gnosis

ah, ok. I kept seeing it being credited to Anon. I don't know how these things work tbh

GavinGT said:
Link to original article trashing Anon?

I think it's this -> http://gawker.com/5590840/4chans-sad-war-to-silence-gawker

Lkr said:
i think i have a kotaku account...but what is the point in changing the password now if its already been hacked?:lol

a surprising amount of people use the same password everywhere.

you must have seen how gaf detectives work by now.

Amir0x · Dec 13, 2010

DeathbyVolcano said:
And that's why Anonymous is fucking stupid and just a bunch of manchildren who are fucking butthurt, wahhhhh

ding ding

Elfforkusu · Dec 13, 2010

Lkr said:
i think i have a kotaku account...but what is the point in changing the password now if its already been hacked?:lol

I don't understand the question. A hash of your account's password is available for (someone) to look at and potentially crack if it's simple enough. If in the future you would like to be sure that someone else isn't logged into your account, you may want to change the password!

If you happen to use the same password elsewhere you'll want to change those too, not just because the current one is potentially known, but because using the same password everywhere is stupid.

enzo_gt · Dec 13, 2010

Herp derp were going to be cool and call out Anon. Seriously, whether you think Anon is good or bad or whatever, why the fuck would you put your business in a vulnerable position? For the sake of making a statement?

Lkr · Dec 13, 2010

D4Danger said:
ah, ok. I kept seeing it being credited to Anon. I don't know how these things work tbh

I think it's this -> http://gawker.com/5590840/4chans-sad-war-to-silence-gawker

a surprising amount of people use the same password everywhere.

you must have seen how gaf detectives work by now.

ah, nevermind then

Burger · Dec 13, 2010

Ahahahghhahasgajhfkld :lol :lol

Hilarious. Look at all these Gawker editors and writers with their lame ass passwords. How many articles has Lifehacker written on passwords, or Gizmodo?

Also thousands of users using 'password' or 'qwerty' as their passwords. You people deserve this.

GavinGT · Dec 13, 2010

I'm fairly sure this all goes back to their reporting on the Jessie Slaughter story.

hsin said:
The world needs them amirite

One day 4chan will save the world by hacking into an attacking alien mothership, Jeff Goldblum style.

hsin · Dec 13, 2010

nyong said:
Script kids is exactly what they are, though. A bunch of angsty anti-social wannabe hacker teens.

The world needs them amirite

Anyway, that's awesome. I love seeing people run their mouths and calling people out only to be victimized. I LOVE IT!!

Lkr · Dec 13, 2010

Burger said:
Ahahahghhahasgajhfkld :lol :lol

Hilarious. Look at all these Gawker editors and writers with their lame ass passwords. How many articles has Lifehacker written on passwords, or Gizmodo?

Also thousands of users using 'password' or 'qwerty' as their passwords. You people deserve this.

How many people will REALLY care if their gawker commenting account gets hacked though?

Siebzehn50 · Dec 13, 2010

Jenga said:
but they didn't take credit for it so it matters little no?

How is 4chan going to take credit for this? Its likely the hackers post at 4chan.

Keyser Soze · Dec 13, 2010

Lkr said:
i think i have a kotaku account...but what is the point in changing the password now if its already been hacked?:lol

The hack just got a list of info from the site in its current form, so they only go a dump of info on you and others. If you change your password, then they current info they have on you is useless.

shuri · Dec 13, 2010

eosos said:
Anyone else trying those FTP server and password combos? I am and the thq works. Don't know about the rest but there are screenshots of stuff that's probably old.

.. dont do this shit!:lol

Keyser Soze · Dec 13, 2010

Lkr said:
How many people will REALLY care if their gawker commenting account gets hacked though?

A huge percentage of people use the same username/password combo for all the sites/services they visit, so I'd say some could get pissed

D4Danger · Dec 13, 2010

shuri said:
.. dont do this shit!:lol

:lol wtf some still work?

I'd just like to point out that I didn't know that and I don't condone this action.

Shao Kahn Brewing a Stew · Dec 13, 2010

The chatlog... wow.

#
#
Maureen O.
#
hey guess what, 4chan has already declared gawker the winner of the 4chan war! we won!
#

#
Richard L.
#
VICTORY
#

#
Richard L.
#
what'd they say?
#

#
Jim N.
#
USA! USA!
#

#
Richard L.
#
MR. OBAMA, TEAR DOWN THAT MOSQUE!
#

#
Maureen O.
#
they say that this day will go down in history as the day 4chan failed.
#

#
Richard L.
#
that's terrific.
#

#
Richard L.
#
they've been demoted to 3chan

And this is where I will stop visiting any gawker-based website.

Stumpokapow · Dec 13, 2010

nyong said:
Script kids is exactly what they are, though. A bunch of angsty anti-social wannabe hacker teens.

I'm not sure you're able to successfully separate your personal judgment of what kind of people they are from your technical judgment of their ability.

magnificent83 · Dec 13, 2010

Did they really get the entire database, I don't see my active id in there?

ToastyBanana · Dec 13, 2010

D4Danger said:
full story / code dump -> http://pastebin.com/9rRmf6W5

That's a lot of people with 'password' as their password.

faceless007 · Dec 13, 2010

Two groups of juvenile manchildren fighting. Am I supposed to care who wins?

sangreal · Dec 13, 2010

magnificent83 said:
Did they really get the entire database, I don't see my active id in there?

Yes. They didn't post them all

edit: actually they said they stopped at I think 1.3 million users

jediyoshi · Dec 13, 2010

magnificent83 said:
Did they really get the entire database, I don't see my active id in there?

The accounts listed on the pastebin are only ones of certain passwords, it'd be a fairly lengthy document if everything was listed.
edit:

Shao Kahn Brewing a Stew · Dec 13, 2010

Peasants indeed.

Support NeoGAF

Gawker media taunts Anonymous; gets hacked

Unconfirmed Member

Banned

Banned

Registered for GAF on September 11, 2001.

Banned

Banned

Corporate Apologist

Banned

Member

Banned

Unconfirmed Member

Banned

Banned

Banned

Member

Banned

Banned

Banned

Member

Banned

Banned

Member

The Most Dangerous Yes Man

Banned

Banned

Member

Banned

Banned

Unconfirmed Member

Banned

Member

tagged by Blackace

Member

Member

Banned

Banned

Member

Member

Member

Banned

Member

Unconfirmed Member

Banned

listen to the mad man

Member

Member

Member

Member

Member

Banned

Similar threads