
Kotaku, Gawker hacked; Accounts leaked. Change your passwords if you have an account.

Title says it all. From OT: http://www.neogaf.com/forum/showthread.php?t=415697

D4Danger said:
If you have an account on any Gawker site you should probably change your password

they got emails, twitter accounts, dropbox accounts, servers, databases, chat logs, everything basically.

full story / code dump -> http://pastebin.com/9rRmf6W5

response -> http://gawker.com/5712615/commenting-accounts-compromised-++-change-your-passwords

and that kids, is why you don't say bad things about Anonymous.

If you do have an account, change the password cause it's now a public domain.

Will repeat one last time: there are torrents out there with passwords.

Three folders:
  • "Dumb_passwords.txt" which are, as the file says, dumb passwords (2,500+ accounts/passwords). 133kb filesize
  • "Parsed_db" which is a small portion/sample of the database (64,000+ accounts/passwords). 8850kb filesize
  • "Full_db" which is the entire database (supposedly 1.3 million accounts). A whopping 73,468kb of filesize

Good luck!

EDIT 2: Here's the quickest way to check if your account info is out there:

1. http://pajhome.org.uk/crypt/md5/
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. http://www.google.com/fusiontables/DataSource?dsrcid=350662
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If ANYTHING shows up on the search result (e.g. xxxx.com where xxxx is the domain of your email address) then your password has been compromised and sooner or later will be hacked if they feel like it.
 

dwebo

Member
Thankfully I've never had the urge to comment on any of their blogs and thus don't have an account... I hope. :lol
 

bistromathics

facing a bright new dawn
highluxury said:
eatmydick? Not very surprising coming from him. Always had a douchey attitude.
lol i know...this was the first thing i noticed, too :lol

(account still worked when i tried it, too)
 
shagg_187 said:
Lies. 1.3 million username/passwords out there.

If you consider "1q2w3e" a secure password then the passwords were not encrypted.

I'm sorry sir, but are you implying that these people:


[Image: TO73t.png]

...don't care about their members' security? Shame on you.
 
fortified_concept said:
I'm sorry, sir, but are you implying that these people:

http://imgur.com/TO73t.png

...don't care about their members' security? Shame on you.

:lol :lol

Will repeat one last time: there are torrents out there with passwords.

Three folders:
"Dumb_passwords.txt" which are, as the file says, dumb passwords.
"Parsed_db" which is a small portion of the database.
"Full_db" which is the entire database with shitloads of passwords.

Good luck!
 

Kritz

Banned
While I have different passwords for every site I visit,

Which sites have had the password leaks? Just Kotaku and whatever Gawker is? I don't think I have either of those, so I'm safe either way...
 

LiK

Member
if you guys aren't sure, just try recovering your pw and put in an email you think you use to login. it'll tell you if you have an account with them.
 
My e.mail account shows I have made a single comment in mid 2009 but no reference to account on there, just an e.mail 'confirm comment' thing. Am I safe, I should have some welcome message if I signed up.

I wonder how secure GAF's passwords are? Not that the management around here go waving their dicks in Anonymous' face.
 

Edgeward

Member
Wow, it's a good thing I never signed up for their websites. And damn, so many people use password and qwerty, what the fuck?
 
Edgeward said:
Wow, it's a good thing I never signed up for their websites. And damn, so many people use password and qwerty, what the fuck?
You could at least forgive them if they used 1234 as being a Mel Brooks fan. It's hard to get creative if you're signing up for something like Kotaku or Gawker.
 

Jonnyram

Member
shagg_187 said:
Lies. 1.3 million username/passwords out there.

If you consider "1q2w3e" a secure password then the passwords were not encrypted.
It says this in the pastebin:

Gawker uses a really outdated hashing algorithm known as DES (Data Encryption Standard).

Because DES has a maximum of 8chars using a password like "abcdefgh1234" only the first 8 characters "abcdefgh" are encrypted and stored in the database. If your password is longer than 8 characters you only need to enter the first 8 characters to log in!
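
The truncation described in the pastebin excerpt above, as an added example that is not part of the original thread or of Gawker's code: traditional DES-based crypt(3) builds its 56-bit key from the low 7 bits of each of the first 8 password bytes, so any two passwords that produce the same key hash identically under the same salt. The function names and sample passwords are constructed for illustration, and only the key derivation is modelled, not the DES rounds.

```python
"""Added illustration: the key-derivation step of traditional DES crypt(3)."""


def des_crypt_key(password: str) -> bytes:
    """Return the 8 key bytes traditional crypt(3) feeds to DES.

    Only the first 8 bytes of the password are read, and only the low
    7 bits of each (the 8th bit of a DES key byte is parity and ignored).
    Shorter passwords are padded with zero bytes.
    """
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def equivalent_logins(stored_password: str, attempts: list[str]) -> list[str]:
    """Return the attempts that yield the same DES key as stored_password.

    The key is the only password-dependent input to the hash, so with the
    same salt these attempts would all verify against the stored hash.
    """
    target = des_crypt_key(stored_password)
    return [a for a in attempts if des_crypt_key(a) == target]


# Constructed sample input; "abcdefgh1234" is the example from the excerpt.
ATTEMPTS = [
    "abcdefgh",       # first 8 characters only
    "abcdefgh9999",   # same prefix, different tail
    "abcdefg",        # 7 characters: zero-padded, so a different key
    "abcdefgH",       # differs inside the first 8 characters
    "abcdefgh1234",   # the full password
]

if __name__ == "__main__":
    for attempt in equivalent_logins("abcdefgh1234", ATTEMPTS):
        print("accepted:", attempt)
```

Everything past the eighth byte never reaches the hash, so a long passphrase adds nothing under this scheme; length-preserving password hashes such as bcrypt or Argon2 do not have this property at 8 characters.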
 
Ok... my email is in the database, but the password seems to be encrypted... or it seems like it's one of those randomly generated passwords. *phew*
 
Aaron said:
If you sign up with these terrible sites, you get what you deserve.

Fixed.

Nothing wrong with reading crap early in the morning. One time I was tempted to sign up and comment on something. I saw an oh use your facebook info and I went...that's a bad idea, stopped, and never bothered. Man talk about the awesome choice of the day. :lol
 

bistromathics

facing a bright new dawn
Metalmurphy said:
Ok... my email is in the database, but the password seems to be encrypted... or it seems like it's one of those randomly generated passwords. *phew*
quick way to check the DB?
 

Dacvak

No one shall be brought before our LORD David Bowie without the true and secret knowledge of the Photoshop. For in that time, so shall He appear.
I'm equal parts pissed at 4chan and Gawker right now.
 

seady

Member
I received several emails from sites such as Hotmail and Facebook confirming with me if I really want a "password reset". Of course I didn't ask for it. I wonder if it has something to do with this… :(
 

Aaron

Member
Manos: The Hans of Fate said:
Fixed.

Nothing wrong with reading crap early in the morning. One time I was tempted to sign up and comment on something. I saw an oh use your facebook info and I went...that's a bad idea, stopped, and never bothered. Man talk about the awesome choice of the day. :lol
I don't object to reading garbage. I object to the quality of the garbage you're consuming. There are hundreds of sites out there that cater to the same venal desire, and most of them do it better. These are truly some of the most bottom of the basement swill you can find. Have a little self respect, sir. What you are doing to your brain by visiting these vomit-stained dens of depravity is both cruel and entirely avoidable. For the sake of your continued intelligence, look elsewhere.
 