Gawker account breach
Posted: 2010-12-15 06:28pm
OK, I did a search before posting but apologies if this has already been posted somewhere I missed.
As many of you are probably aware, Gawker (behind Gizmodo, Lifehacker and many more sites) had their security breached by some 4chan clown over the weekend and now lots of account details are out there in the wide world on BitTorrent. If you ever commented there then your passwords need to be reset (particularly if you use the same one elsewhere, you'll need to change them). See Gawker's official response on http://lifehacker.com/5712785/#10. Apart from moaning and doing a general update and change of passwords, I thought I'd check that I'm not too compromised. So I downloaded the file to see what had been released about myself. And I'd appreciate some thoughts on the results to help me feel a bit safer here, if anyone can take a moment.
Firstly, so many people are torrenting this it's scary; it took <10 minutes to download 500 MB. And all the account email addresses etc. are there, many with their passwords... LOTS of people are reading these details right now.
But it turns out it's not quite what I thought. My email is there - unencrypted, so I expect to get spammed to hell soon - but there is no password, just the text NULL. So I assume this means that it's safe and I don't need to panic here?
The other thing is that there's another account there that I suspect might be another of mine due to the name (I did a search for every account name I use to make sure) and which has an encrypted password against it. However, it has no email address. My feeling is that if I managed to see what the password was then I'd be able to tell if that's another one of mine I forgot about. Assuming that it's a reasonably strong password, am I fairly safe that it won't be decrypted soon, or am I screwed if that is my account? And does the number of characters in the encryption relate to the number in the password?
I've tried logging into this account on Gawker's sites and if it is mine then I seem to have used a weird password that I've not used elsewhere. I'm hoping that means it was just a one-off or that it maybe even isn't mine and just a weird coincidence, but I'm still uncomfortable that it might be decryptable to someone in a reasonable time scale.