OK, I did a search before posting but apologies if this has already been posted somewhere I missed.
As many of you are probably aware, Gawker (behind Gizmodo, Lifehacker and many more sites) had their security breached by some 4chan clown over the weekend and now lots of account details are out there in the wide world on BitTorrent. If you ever commented there then your passwords need reset (particularly if you use the same one elsewhere, you'll need to change them). See Gawker's official response on http://lifehacker.com/5712785/#10. Apart from moaning and doing a general update and change of passwords, I thought I'd check that I'm not too compromised. So I downloaded the file to see what had been released about myself. And I'd appreciate some thoughts on the results to help me feel a bit safer here, if anyone can take a moment.
Firstly so many people are torrenting this it's scary, took <10 minutes to download 500 MB. And all the account email addresses etc. are there with many with their passwords... LOTS of people are reading these details right now.
But it turns out it's not quite what I thought. My email is there - unencrypted so I expect to get spammed to hell soon, but there is no password, just the text NULL. So I assume this means that it's safe and I don't need to panic here?
The other thing is that there's another account there that I suspect might be another of mine due to the name (I did a search for every account name I use to make sure) and which has an encrypted password against it. However it has no email address. My feeling is that if I managed to see what the password was then I'd be able to tell if that's another one of mine I forgot about. Assuming that it's a reasonably strong password am I fairly safe that it won't be decrypted soon, or am I screwed if that is my account? And does the number of characters in the encryption relate to the number in the password?
I've tried logging into this account on Gawker's sites and if it is mine then I seem to have used a weird password that I've not used elsewhere. I'm hoping that means it was just a one-off or that it maybe even isn't mine and just a weird coincidence, but I'm still uncomfortable that it might be decryptable to someone in a reasonable time scale.
Gawker account breach
Moderator: Thanas
- General Zod
- Never Shuts Up
- Posts: 29211
- Joined: 2003-11-18 03:08pm
- Location: The Clearance Rack
Re: Gawker account breach
Just as well that I've been banned from both the Gawker sites I commented on.
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
Re: Gawker account breach
Those idiots used DES? It's been vulnerable to brute-force attacks for years.
-
- Sith Devotee
- Posts: 3395
- Joined: 2005-07-31 06:48am
Re: Gawker account breach
Considering that I didn't create a separate Gawker account, just used Facebook Connection, should I take Gawker at their word that my Facebook profile wasn't compromised? (They claim to have never stored the Facebook passwords.)
"Yee's proposal is exactly the sort of thing I would expect some Washington legal eagle to do. In fact, it could even be argued it would be unrealistic to not have a scene in the next book of, say, a Congressman Yee submit the Yee Act for consideration. " - bcoogler on this
"My crystal ball is filled with smoke, and my hovercraft is full of eels." - Bayonet
Stark: "You can't even GET to heaven. You don't even know where it is, or even if it still exists."
SirNitram: "So storm Hell." - From the legendary thread