Support NeoGAF

[Like the hat?]

woke up this morning to see that my gmail password had been changed. hooray.

got everything fixed up though. stupid me uses the same password for a ton of things, though. The only thing I don't use the same password for is my bank account. So needless to say I've spent all morning trying to remember what websites I use that would have my password and going around changing things.

I don't remember ever doing anything on a gawker website, but who knows. the only thing I know is that I signed up for a commenting account on kotaku like 4 years ago, which I never actually got.

do i need to download that list to figure out what is going on, or is that md5 thing enough? using that, my info was definitely on there.

 

[crowphoenix]

Follow these steps:

1. http://pajhome.org.uk/crypt/md5/
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. http://www.google.com/fusiontables/DataSource?dsrcid=350662
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If it does then your password has been compromised and sooner or later will be hacked if they feel like it.

None of my three e-mail addresses came up. I hope that means I'm ok. But, what is that first site?

 

[Shao Kahn Brewing a Stew]

None of my three e-mail addresses came up. I hope that means I'm ok. But, what is that first site?

First site is an MD5 Encrypter. The user who uploaded the email addresses to google spreadsheet encrypted them so that others can search for it without revealing your email address.

Do note that if email address doesn't show up, that does NOT mean that you didn't create a Gawker account. try logging in to Kotaku or any affiliated Gawker website with your common usernames (e.g. crowpheonix) and see if it shows up (in crowpheonix's case, it doesn't).

A ban toll of only two so far? I guess GAF escaped relatively unscathed

(oh my poor eyes)

I know a couple more of people from GAF whom password are out there and matches with GAF's. The ones that I recognize, I've PM-ed and they have been changed. The ones that I don't recognize... God help us all for more Lemon party awaits! :lol

 

[Jinfash]

Are we SURE that all the compromised passwords haven't been removed yet from Gawker's databases? a friend confirmed that my account is on the leaked list, but I'm trying to log in using every password I remember using and none of them works.

 

[CharlieDigital]

Are we SURE that all the compromised passwords haven't been removed yet from Gawker's databases? a friend confirmed that my account is on the leaked list, but I'm trying to log in using every password I remember using and none of them works.

Same here.

 

[crowphoenix]

First site is an MD5 Encrypter. The user who uploaded the email addresses to google spreadsheet encrypted them so that others can search for it without revealing your email address.

Do note that if email address doesn't show up, that does NOT mean that you didn't create a Gawker account. try logging in to Kotaku or any affiliated Gawker website with your common usernames (e.g. crowpheonix) and see if it shows up (in crowpheonix's case, it doesn't).

Yeah, I checked my usual user names, passwords, and e-mail addresses on Kotaku. Nothing came up, but I still feel like I created an account there years ago. Regardless, this just proves that I need to do a better job managing my passwords. Especially to my important accounts.

And thanks for the links to how to check the leak. That gave me a little peace of mind.

 

[Jinfash]

I'm getting too paranoid to just wait and see, gonna change all my passwords. Sigh.

 

[dude]

Just to be sure, if I did this:

Follow these steps:

1. http://pajhome.org.uk/crypt/md5/
2. Enter your email address under "Input", and click on "MD5". Copy the "Result".
3. http://www.google.com/fusiontables/D...?dsrcid=350662
4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If it does then your password has been compromised and sooner or later will be hacked if they feel like it.

And found nothing, I'm 100% in the clear?

 

[freitax]

facebook connect bitches!! dodged that shit like the matrix, I use the same password (kinda strong) for a lot of things :x

 

[Shao Kahn Brewing a Stew]

Just to be sure, if I did this:

And found nothing, I'm 100% in the clear?

99% clear.

To be 99.99% clear, go to kotaku and try logging in with your usual username/password. If it works then BAM, THERE IT IS. If it doesn't then you're good to go.

To be 100% clear, you have to remember if you made a Kotaku/Gawker account or not. Shouldn't be that hard!

EDIT: And with that, I'm out. All the help should be in this thread by now. If you need more help, PM me. I shall be sleeping now for the next 5 or so hours. 10am :/

 

[dude]

99% clear.

To be 99.99% clear, go to kotaku and try logging in with your usual username/password. If it works then BAM, THERE IT IS. If it doesn't then you're good to go.

To be 100% clear, you have to remember if you made a Kotaku/Gawker account or not. Shouldn't be that hard!

EDIT: And with that, I'm out. All the help should be in this thread by now. If you need more help, PM me. I shall be sleeping now for the next 5 or so hours. 10am :/

I tried, but I don't remember what password I used on Kotaku... Changed all of my password anyway, though, as I was going to do that anyway. Thanks.

 

[MIMIC]

Someone from Homeland Security has their account listed :lol

EDIT: Just a search for ".gov". Wow. From now own if I want to comment on an article of any kind, I'm going to make a separate email account and a separate password just for it.

mimicwantstocomment@hotmail.com

 

[Fjolle]

Are we SURE that all the compromised passwords haven't been removed yet from Gawker's databases? a friend confirmed that my account is on the leaked list, but I'm trying to log in using every password I remember using and none of them works.

Yea. I can't seem to login to kotaku either. Maybe someone has changed my password?

Or can anyone link me to a guide on how to find the salt and bruteforce finding my password :lol

 

[xclaw]

If you just use the change my password link on one of their sites and stick in your email, it'll dump you a new password. I couldn't log in until I did this so perhaps they mass disabled the accounts or something....

 

[rainking187]

They got my facebook, but I took it back. Probably would have been more devastating if it weren't for the fact I've used it like twice. Apple is trolling me when it comes to changing my password. Wouldn't let me change my password because I didn't enter a year for my birthdate, but it only displays day and month options for my birthdate. Where the fuck am I supposed to put the year? Finally managed to go around that and get it changed.

 

[CharlieDigital]

They got my facebook, but I took it back.

woke up this morning to see that my gmail password had been changed. hooray.

Wait, so you guys have already been hacked because of this leak?

Damn that's fast given the sheer number of accounts.

 

[IrishNinja]

aw, that sucks - not only did my gmail come up on that search (pass already changed), but so did my registered email at kotaku, which kicks back to my own domain. =/ i dont think they can do much there, all the passwords i use at my forum are totally different, but i went & changed my bank, paypal, amazon, facebook etc shit just in case.

went & grabbed the torrent to verify: cold comfort in not being on the dumb list :lol

 

[Like the hat?]

Wait, so you guys have already been hacked because of this leak?

Damn that's fast given the sheer number of accounts.

yeah, sucked. they had done my gmail, facebook, and twitter. probably would have gotten gaf, too, but I use a different email for gaf.

luckily they didn't buy anything on my amazon or itunes or anything, and luckily I was able to get everything back.

 

[dragonlife]

Just to be sure I'm doing it right I would narrow the results by changing the middle option in the Google link to "starts with," "contains," etc., for the MD5 code. Nothing came up for any of the e-mails I used.

I honestly can't for the life of me remember if I even made a damn account on Kotaku. I know I visited it a lot back then and I think I commented once so I had to make an account...or I felt like making an account to comment...but I can't remember which one!

I even Googled myself and Kotaku but no Kotaku links came up, just me mentioning it on other forums. I did change all my passwords, though, just to be safe.

Is there a member search on Kotaku? Is it even safe to go there/try logging in?

 

[shantyman]

So, one of my email addresses showed up with the domain name. I assume that means I have an account with Gawker using that email address. Guess i have to reset?

 

[cuevas. PhD.]

I looked at my account history and my last post was on a lifehacker post a few months ago on an article about protecting your passwords...

 

[ChocolateCupcakes]

So, one of my email addresses showed up with the domain name. I assume that means I have an account with Gawker using that email address. Guess i have to reset?

Why would you even question this? Change your password now.

 

[dragonlife]

So, one of my email addresses showed up with the domain name. I assume that means I have an account with Gawker using that email address. Guess i have to reset?

 

[shantyman]

Sorry for the rhetorical statement. I cannot sign into any Gawker site and am still awaiting the password reset email.

Should not be bad though because I must have signed up for Kotaku before my current spate of passwords.

 

[Jinfash]

So far I've changed my passwords on:
Gmail
Yahoo
Hotmail
Facebook
Twitter
Paypal
Amazon
Steam
PSN
iTunes
Frequented forums.

What did I miss? WHAT DID I MISS?

 

[Alucrid]

So far I've changed my passwords on:


What did I miss? WHAT DID I MISS?

Xbox Live?

 

[rainking187]

Wait, so you guys have already been hacked because of this leak?

Damn that's fast given the sheer number of accounts.

Yeah, they used my Facebook to advertise a free PS3 giveaway. That was basically it. I'm glad they hit my Facebook instead of my GAF account, losing that would have been terrible. Facebook spam? Not so much.

 

[Seth C]

you're thinking of s p o n g

You're right. I think so poorly of both that at some point the two have just sort of combined in my mind.

 

[shantyman]

Still have not gotten my password reset email. Should it take very long?

 

[Deleted member 1235]

Xbox Live?

fuck yeah change that shit if you have to, microsoft password is linked to all my education shit as well.

 

[Soybean]

I don't think it's that crazy to have a password like "qwerty" for forum posting and such. Many people have different tiers of password security with financial being at the top, and blog commenting towards the bottom.

 

[D4Danger]

Xbox Live?

this is a good one to remember because it uses Live ID (which Microsoft use for everything)

change your password here -> https://account.live.com

also, OpenID if you use it. same thing.

 

[SimleuqiR]

Well my main gmail address is there. :lol
I went to all websites I use for purchasing stuff (Amazon, eBay, PayPal, etc) and changed my e-mail address to one I had created not too long ago. Passwords are different for each account, but you can never be too careful.

GAF is on a totally different account, just like my Bank account. So no worries.

I had created an account with Lifehacker years ago...profile doesn't even show post history or anything. I have used Twitter a couple of times to comment/post...that's about it.

 

[Wolf Akela]

I still don't understand why my e-mail isn't in that Google docs link though. I sure hell have an account at Kotaku.

 

[Jinfash]

Xbox Live?

It's linked to hotmail/Live. Change that and you're good to go.

 

[D4Danger]

I still don't understand why my e-mail isn't in that Google docs link though. I sure hell have an account at Kotaku.

I don't know if they got them all. I doubt Gawker will confirm that so if it's not there you're probably ok but change your passwords anyway if you have any doubts.

 

[Metalmurphy]

I still don't understand why my e-mail isn't in that Google docs link though. I sure hell have an account at Kotaku.

What google docs link? There are 2 database files, one of them doesn't have all the accounts.

 

[Cmagus]

yuh my email is there luckily it isn't my work email.What the hell was Gawker thinking let's taunt hackers like you know they will go after you and it was reckless to anyone who is affiliated or uses their site.I certainly won't be going to Kotaku anymore if this stuff is gonna happen.

 

[Hex]

While what they did was stupid, I do not understand the mentality where it is ok for sites to call them out but when they respond it is so wrong.
Gawker brought it on themselves, and anyone whose password is on that list should be pissed at them, not the ones that broke in.

 

[Like the hat?]

While what they did was stupid, I do not understand the mentality where it is ok for sites to call them out but when they respond it is so wrong.
Gawker brought it on themselves, and anyone whose password is on that list should be pissed at them, not the ones that broke in.

gawker is exactly who I'm pissed at. Although if this groups problem was with gawker, they didn't have to screw all the users over. I've been changing passwords and stuff for like 3 hours now.

 

[Alucrid]

While what they did was stupid, I do not understand the mentality where it is ok for sites to call them out but when they respond it is so wrong.
Gawker brought it on themselves, and anyone whose password is on that list should be pissed at them, not the ones that broke in.

No, you can be pissed at both. Gawker for having no security in place and 'Gnosis' for being hardasses and releasing all the data. If they had, say, released everything but left something out, like the passwords, I wouldn't have a problem. But this isn't just getting back at Gawker, this is fucking over tons of people. I'm also pissed at the little shits going, 'teehee, let's use these passwords to 'hack' people's accounts.'

 

[Jinfash]

While what they did was stupid, I do not understand the mentality where it is ok for sites to call them out but when they respond it is so wrong.
Gawker brought it on themselves, and anyone whose password is on that list should be pissed at them, not the ones that broke in.

My pass was on the list, I have no problem with what the hackers, because I think it was Gawker's responsibility to protect their userbase. You want to call Anonymous out Mr. Big Balls? do it from your personal blog, where you're not sitting on the private info of a million+ users, protected by elementary level security measures.

 

[Enco]

Motherfuckers. I hate people who pull this shit.

Script kiddies is putting it nicely.

 

[Valkyr Junkie]

No, you can be pissed at both. Gawker for having no security in place and 'Gnosis' for being hardasses and releasing all the data. If they had, say, released everything but left something out, like the passwords, I wouldn't have a problem. But this isn't just getting back at Gawker, this is fucking over tons of people.

Exactly. They would have accomplished the exact same thing even with leaving out commenter details.

 

[Jinfash]

Exactly. They would have accomplished the exact same thing even with leaving out commenter details.

No, they wouldn't.

 

[xclaw]

Anyone have a mirror to the full story/code dump on pastebin?

 

[panda21]

if this helps people realise what an unscrupulous obnoxious bunch of jackasses gawker are i guess its a good thing in a way.. they really dont deserve all the hits they get, they are just very good at milking sensationalised cookie cutter articles with almost zero content.

 

[Alucrid]

if this helps people realise what an unscrupulous obnoxious bunch of jackasses gawker are i guess its a good thing in a way.. they really dont deserve all the hits they get, they are just very good at milking sensationalised cookie cutter articles with almost zero content.

So people possibly having valuable information or their identities stolen is worth showing that an already established shit site is in fact shit?

 

[Valkyr Junkie]

No, they wouldn't.

Yes, they would.

They wouldn't have lost any imaginary "e-cred" by saying "We could have decrypted all of the account passwords in the database if we wanted to, but we decided just to do the ones of the Gawker editors since they're the d-bags we have beef with."

 

[Hugbot]

I still don't understand why my e-mail isn't in that Google docs link though. I sure hell have an account at Kotaku.

If you're searching that link for the MD5 code for your e-mail and not just typing your e-mail in, you may not have associated an e-mail account. Either way, since you know you have one, just change the password on it (to something you have never used before and will never use again) and change your password on any site that has the same password.

Exactly. They would have accomplished the exact same thing even with leaving out commenter details.

They wouldn't have accomplished anything close to this.

Yes, they would.

They wouldn't have lost any imaginary "e-cred" by saying "We could have decrypted all of the account passwords in the database if we wanted to, but we decided just to do the ones of the Gawker editors since they're the d-bags we have beef with."

The fallout from actually posting all of them is way bigger than just posting the staff's and holding the rest hostage. The latter gives gawker wiggle room to say they're doing their best to protect them and keep them out of the public, by releasing them they are clearly and definitively showing that gawker has failed to do so. Plus it's way more effective to actually see a database of names/pws being torrented around than it would be for them to claim to have it tucked away.