
Gawker media taunts Anonymous; gets hacked

Status
Not open for further replies.

sangreal

Member
Metalmurphy said:
My mail is in the full database, but the password seems to be encrypted. Can people actually decrypt this?

Yes

Even if they couldn't, it would be best not to assume that is the case.
 
Valkyr Junkie said:
Same. All of the PWs there seem to be encrypted. Maybe the Gawker guys were being honest when they said only the simple passwords were vulnerable. No idea.
Gawker has an encryption but with time (shit lot of time) they could've been decrypted. They simply ran out of time and couldn't decrypt all of them (my password didn't make the "decryption" cut even though my password for kotaku account was shit easy).

The easier ones with characters followed by numbers or numbers followed by characters are out there. Ones with multiple combinations are not decrypted but their encryption is available, and the email addresses are available for all accounts accessed.
 

itxaka

Defeatist
RustyNails said:
Dude you probably never worked in IT. This is a huuuuuuuge problem. I don't even know where to start from.


Yes I worked and found dumb passwords like "cuminmyface" and "bigtits" (users weren't really happy when I asked them, sucks for them) but at least they didn't put password :lol I am serious when I say that I never found anyone with the password/password combination. That is really a level above the usual stupidity of the average business user.
 
I have a question...can Gawker take this to court?
itxaka said:
Yes I worked and found dumb passwords like "cuminmyface" and "bigtits" (users weren't really happy when I asked them, sucks for them) but at least they didn't put password :lol I am serious when I say that I never found anyone with the password/password combination. That is really a level above the usual stupidity of the average business user.
lol :lol :lol
 

D4Danger

Unconfirmed Member
Metalmurphy said:
My mail is in the full database, but the password seems to be encrypted. Can people actually decrypt this?

short answer: yes

I'm sure there's people here who could explain this better but basically it's a good idea to 'salt' passwords and then hash them. Gawker didn't bother doing this so anyone with enough time on their hands could run these against a list of known hashes and work them out.

http://en.wikipedia.org/wiki/Salt_(cryptography)
http://en.wikipedia.org/wiki/Rainbow_table
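
An added example, not part of the original post, illustrating the salting point made above: unsalted hashes of common passwords fall to one precomputed table, while a per-user salt with a slow hash does not. SHA-256, PBKDF2, the iteration count and the sample accounts are assumptions chosen for illustration, not Gawker's actual scheme or data.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; none of this comes from the leaked data.
ACCOUNTS = {
    "alice@example.com": "password",
    "bob@example.com": "password",
    "carol@example.com": "T7#qz!Lm2vRx",
}
# Constructed stand-in for a list of known weak passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 100_000  # assumed work factor for the slow hash


def unsalted_hash(password):
    """Weak scheme: bare fast hash, identical for every user of that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def precomputed_lookup(stored):
    """Hash the word list once, then match every account by table lookup."""
    table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    return {user: table[h] for user, h in stored.items() if h in table}


def demo():
    weak_db = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    strong_db = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    recovered = precomputed_lookup(weak_db)
    # Equal passwords collide without a salt and diverge with one, so a
    # single precomputed table stops working across accounts.
    same_weak = weak_db["alice@example.com"] == weak_db["bob@example.com"]
    same_strong = strong_db["alice@example.com"][1] == strong_db["bob@example.com"][1]
    return recovered, same_weak, same_strong
```
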
 
shagg_187 said:
If they find people behind this, yes. Hell, you can take Gawker to court for saying that they were being too fucking cocky, got hacked and your accounts got hacked.
Only if they find the guys who did that? I asked this because something similar happened with Sarah Palin's account, and moot was asked to give testimony in court. Maybe we can expect something like that again?
 

(._.)

Banned
Hard for me to bat an eye when Kotaku and all them damn hipsters are affected by this. Borderline embarrassed for both sides though. Pretty tame compared to some things that have been done.

NERDS vs HIPSTERS
 
(._.) said:
Hard for me to bat an eye when Kotaku and all them damn hipsters are affected by this. Borderline embarrassed for both sides though. Pretty tame compared to some things that have been done.

NERDS vs HIPSTERS

Hmm, putting it that way...it's not as bad. :lol
 
RustyNails said:
Only if they find the guys who did that? I asked this because something similar happened with Sarah Palin's account, and moot was asked to give testimony in court. Maybe we can expect something like that again?
Sarah Palin is motherfucking Sarah Palin! :p

Of course, they can take moot to testify but Gnosis are taking responsibility for the hack, not 4chan.
 
Wolf Akela said:
Well darnit, I have an account there using my master password. :/

Changed the passwords of my e-mail, Facebook, Steam and GameFAQs. Can't remember other sites I need to go to.

Why do people still do this? I have separate passwords for my email and bank account then some random passwords for sites I sign up for and save them on firefox. The ones for random sites are just different combinations of the same PW so if I ever lose my FF I can guess them. Maybe I'm just paranoid.
 

Zilch

Banned
(._.) said:
Hard for me to bat an eye when Kotaku and all them damn hipsters are affected by this. Borderline embarrassed for both sides though. Pretty tame compared to some things that have been done.

NERDS vs HIPSTERS

who are the hipsters here?
 

Solaros

Member
Catshade said:
I'm not computer-savvy...but, really?!
Yes, that is how DES works...

The Windows LM Hash also has various flaws due to how MS implemented it. This is used through at least Vista that I know of. It is easy to crack passwords, especially when they are in the SAM and few characters (less than 8). Using a pass-phrase (longer than 15 characters) makes it so your password is not hashed.
 

Hylian7

Member
Torrents are blocked here at my University, is there any chance I can see the three files through an HTTP or FTP download so I can see if I'm on there or not? I'm not on the Pastebin list, but I know that's not everything.
 
Are these the people who went to the trade show and used their toy remotes to turn off TVs at a professional trade show? If so, can't say they didn't deserve it. Children attack other children. News at 11.
 

smokeymicpot

Beat EviLore at pool.
VGChampion said:
Are these the people who went to the trade show and used their toy remotes to turn off TVs at a professional trade show? If so, can't say they didn't deserve it. Children attack other children. News at 11.

I think so. They are also the people that had the leaked iphone.
 
Hylian7 said:
Torrents are blocked here at my University, is there any chance I can see the three files through an HTTP or FTP download so I can see if I'm on there or not? I'm not on the Pastebin list, but I know that's not everything.

Follow these steps:

1. http://pajhome.org.uk/crypt/md5/
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. http://www.google.com/fusiontables/DataSource?dsrcid=350662
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If it does then your password has been compromised and sooner or later will be hacked if they feel like it.
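
A local version of the lookup steps above, added here as an example and not part of the original post: it hashes the address on your own machine rather than typing it into a third-party page, then checks it against a downloaded list of MD5 digests. The one-digest-per-line index format and the spellings tried are assumptions, and the sample hashes are constructed.

```python
import hashlib
import re

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def md5_hex(text):
    """MD5 of the UTF-8 text as lowercase hex, matching the steps above."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def load_index(lines):
    """Keep only well-formed MD5 hex digests, lowercased, from an iterable of lines."""
    index = set()
    for line in lines:
        value = line.strip().lower()
        if MD5_HEX.match(value):
            index.add(value)
    return index


def candidate_forms(email):
    """Spellings to try; how the index normalised addresses is unknown (assumption)."""
    stripped = email.strip()
    forms = [stripped, stripped.lower()]
    local, sep, domain = stripped.rpartition("@")
    if sep:
        forms.append(local + "@" + domain.lower())
    return list(dict.fromkeys(forms))  # de-duplicate, keep order


def find_in_index(email, index):
    """Return the spelling whose MD5 is in the index, or None if none match."""
    for form in candidate_forms(email):
        if md5_hex(form) in index:
            return form
    return None


# Constructed sample index: hashes of two made-up addresses plus one junk line.
SAMPLE_INDEX = load_index([
    md5_hex("jane.doe@example.com"),
    md5_hex("sam@example.org").upper(),
    "not-a-hash",
])
```
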
 

itxaka

Defeatist
Solaros said:
Yes, that is how DES works...

The Windows LM Hash also has various flaws due to how MS implemented it. This is used through at least Vista that I know of. It is easy to crack passwords, especially when they are in the SAM and few characters (less than 8). Using a pass-phrase (longer than 15 characters) makes it so your password is not hashed.


In fact you can hack even a good Windows password in less than 15 seconds with the rainbow tables and there is even an online tool that does it for you so you don't need to download the 560Gb of the tables!
 
Zilch said:
How are people unaware of what Gawker is? New to teh internets?
No matter what a thread is talking about, on GAF there will be at least one person who chimes in saying "What/who is x?" even for things that you think would be no-brainers.
 
why isn't my username on any of the files? When I went through all of them I realized I skipped over the dumb passwords and I had an awful feeling go through me but luckily I wasn't in there either.
 

Vamphuntr

Member
I don't go to kotaku but I do have a twitter and dropbox account. Do I have to change my passwords? What the hell is gawker?
 

celebi23

Member
shagg_187 said:
Follow these steps:

1. http://pajhome.org.uk/crypt/md5/
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. http://www.google.com/fusiontables/DataSource?dsrcid=350662
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If it does then your password has been compromised and sooner or later will be hacked if they feel like it.

Fuck, my email address is on that list. Anyone know of the gawker page to delete the account/change the password? Thank god my email password is pretty unique :lol
 

itxaka

Defeatist
Solaros said:
Depending on your definition of good, I'd argue that it can't be done ;)

What site were you referencing in particular?


I dare you to try it with your own password because it's pretty awesome. I got out the other day this password:
"Hpg{%h'U])82M

freaking awesome, this is the address: http://www.objectif-securite.ch/en/products.php
From the Ophcrack guys. The demo is at the lowest part of the page, enter the hash and click it

In January, the downloads of Ophcrack have broken the 10 million mark! In the general euphoria following this event we decided to make our XP_special rainbow table available on-line for free. This cracks passwords made of 52 mixed case letters, 10 numbers and 33 special characters of length up to 14 in 5 seconds average! This performance is achieved by putting the XP special table on steroids (we increased the size from 8GB to 90GB and host it on an SSD). If you just need to crack a single password, feel free to peruse our demo rather than purchasing and downloading the 8GB table.
 
celebi23 said:
Fuck, my email address is on that list. Anyone know of the gawker page to delete the account/change the password? Thank god my email password is pretty unique :lol
Gawker has a "policy" that they don't delete accounts of users. I just logged in and changed everything to random bullshit.
 

Vamphuntr

Member
So Gawker is basically Kotaku and its affiliates. I don't have an account there and my email is not on the list. How is that related to dropbox and twitter? People had that info in their gawker account?
 
i honestly have no idea whether or not i ever posted a comment there. i fuckin hate gawker media but whatever, pretty scary how a giant can be brought to its knees so easily

will they take any legal action? is that even possible?
 

D4Danger

Unconfirmed Member
Vamphuntr said:
So Gawker is basically Kotaku and its affiliates. I don't have an account there and my email is not on the list. How is that related to dropbox and twitter? People had that info in their gawker account?

no, that's only some gawker staffers who got those hacked. I'll make it clearer in the OP.

You don't have anything to worry about from any other site unless you use the same password.
 

Zilch

Banned
Vamphuntr said:
So Gawker is basically Kotaku and its affiliates. I don't have an account there and my email is not on the list. How is that related to dropbox and twitter? People had that info in their gawker account?

Gawker is basically Gawker and its affiliates. Do people here honestly not know that Gawker.com is one of the biggest, most visited sites on the goddamn internet?
 
Vamphuntr said:
So Gawker is basically Kotaku and its affiliates. I don't have an account there and my email is not on the list. How is that related to dropbox and twitter? People had that info in their gawker account?

They have the e-mail address of everyone.

They figured out the passwords of lots of people, especially those with poorly thought out passwords... and of course various Gawker employees, bad passwords or not.

I'm sure they could then take the same e-mail, use it as a login elsewhere, and try the passwords of those users.

I'm guessing they may have done this specifically for the accounts of Gawker editors.
 

Drkirby

Corporate Apologist
Heh, there are a number of people with IRS email addresses signed up, I see one from the EPA, someone from California Social Services, another from the Department of Housing and Urban Development.

So, how long till the long list of email address is copied by ad bots?
 
Zilch said:
Gawker is basically Gawker and its affiliates. Do people here honestly not know that Gawker.com is one of the biggest, most visited sites on the goddamn internet?

Haha something about how angry you seem in this post cracked me up.

I've been on the internet since the beginning.. while I've heard of gawker, I had no clue it was all that popular. *shrug*
 

Smash88

Banned
You know what's awesome about this, that same email address was hacked in August and Hotmail refused to allow me to reset it even after I gave them ample proof that I knew what was in my inbox. So gawker can have fun with that email (it was just for spam I signed up for), and the password that associated it was for jokes, and dead easy.
 