Tilted Forum Project Discussion Community


Cynthetiq 12-13-2010 02:08 PM

RESET YOUR PASSWORD: Anonymous hacks Gawker; exposes passwords and email addys
 
Quote:

Gawker data exposed in major hack attack

By Laurie Segall, CNNMoney staff reporter December 13, 2010: 3:42 PM ET


NEW YORK (CNNMoney.com) -- Popular news and gossip blog network Gawker fell victim this weekend to hackers: Over 1 million usernames and passwords were exposed by a group of hackers who posted a 500 MB file of the private data on a file-sharing site.
The breach exposed users' passwords and e-mails, as well as Gawker's source code and conversations between staff members.




-+-{Important TFP Staff Message}-+-
A couple of things to note here: Because many people use the same password and login at many sites, this one was brought to my attention by willravel. My action to this is just like I did when we were subject to an XSS exploit earlier this year, I have required everyone to reset their passwords again. I'm sorry for the inconvenience, but I'd rather be safe than sorry.


So those of you who find Anonymous fun, enjoyable exploits etc. with their attacks on the Church of Scientology and Wikileaks opponents, how do you feel about something like this? What if they took out their attacks on TFP? Would you still find it amusing?

I think there is a big difference between white and black hat hackers. In the old days the white hats were few and far between. Today, there are lots of them but they are still outnumbered by the black hats. I have never thought of Anonymous as being white hatted.

Jetée 12-13-2010 02:48 PM

What are you talking about, with this Anonymous, and why are you speaking as though it is a person and/or organization that many others have found to be funny(/"amusing") in the past? (I don't even know what this is.)

And, the metaphoricalization between white / black hats confuses me even more (are you speaking in terms of virtual vigilante justice, and whether some view this as very good, or very bad)?

If this is just news about hackers doing what their title both implies and exhibits, I'm not ever going to be surprised. The term 'hacker' inherently already has a strong negative connotation, so I'm not sure where the 'white-hatted' / 'black-hatted' picture fits. What [working, self-employed] hacker can you think of that does his "trade" for the "greater good"? Is this going to be a discussion of the merits of a semi-infamous Hacker Clan, or just a notice that they are increasingly becoming more a public nuisance / domestic underminers?

The_Jazz 12-13-2010 02:56 PM

Jetee, either you've missed all the things that Anonymous (which is an organized group) has done in the past 2 years or you've been under a rock. There are "white hat" hackers that expose issues in websites and software so that they can be fixed. They don't exploit the holes, and sometimes they're paid for their services. There are actually businesses that do exactly that - look for security holes. Sometimes they're solicited, sometimes not.

I think that if you're interested, you need to read what's here at TFP as well as what's readily available in the media. This is no small story.

SecretMethod70 12-13-2010 03:12 PM

Regarding the immediate subject: Gawker.com Says Its User Database Was Compromised : NPR

Regarding Anonymous in general: Anonymous (group) - Wikipedia, the free encyclopedia

Jetée 12-13-2010 03:28 PM

Quote:

Originally Posted by The_Jazz (Post 2851559)
Jetee, either you've missed all the things that Anonymous (which is an organized group) has done in the past 2 years or you've been under a rock. There are "white hat" hackers that expose issues in websites and software so that they can be fixed. They don't exploit the holes, and sometimes they're paid for their services. There are actually businesses that do exactly that - look for security holes. Sometimes they're solicited, sometimes not.

I think that if you're interested, you need to read what's here at TFP as well as what's readily available in the media. This is no small story.

No, I get it, and have contributed in these hacker discussions before, but I've never known they were called as one, the Anonymous.

I've always thought of "white hatted" hackers as a misnomer/contradiction. I don't believe they ever really refer to themselves as such in occupation, but that could just be my naive assumption. Scripters, programmers, intel-services, sure, but what respectable company actually goes onto Monster.com searching for "hacker"?

Onto the real issue, I don't quite see the story here. Security Breaches are sure, a cause for concern in any organization, community, government whatever, but this group (is there even a confirmation, whatever that may be: a virtual signature of 'you've been had!', which has been discovered that this Anonymous Clan, alone, perpetrated this? I have yet to find one in the above, or on MSNBC, nor in LATimes sources.) hasn't done too much damage, in my opinion. Gawker.com, if I'm not entirely wrong, is just a (inter-connected, expansive) blog; a daily-news, sometimes-political, nearly-always just commentative, but all the same, it is just a blog.

Perhaps I've become jaded, as living for a few seasons in the Ukraine, you are actually afraid to go online because of the rampant hacking there; (and it's wild; various Russian polls and articles state, in small variances, that the average age of a hacker is 9-15 years old.) and it's not just small-stuff. No fewer than five former Eastern-bloc countries have gone public that they have had online governmental security breaches, and since late 2007, have begun contracting US-counter intel mercenaries (.. or, as you might like to refer to them, "white hatted hackers").

- - -

Thanks, SMeth. I'll do a little back-history reading on what this online nuisance group has done, and perhaps they also state 'why?'.

- - -

semi-related: http://www.tfproject.org/tfp/general...light=password

mixedmedia 12-13-2010 03:50 PM

I'm confused. I should be concerned if I follow one of the 'gawker' blogs?...because I don't believe I do.

SecretMethod70 12-13-2010 03:53 PM

The reason why this breach is noteworthy is because Gawker is not just a single site, but a whole network of very popular sites that reach a wide range of people (celebrity gossip, tech geeks, sci-fi geeks, porn hounds, and everything between). Now, if someone hijacks my commenting account on Lifehacker, it's not really that big a deal... but they would also have my e-mail address, and if the password is the same that means they get into my e-mail too. From there, they can cause all sorts of trouble.

No, it's not some 15 year old gaining access to missile launch codes, but that doesn't mean it's not a serious issue worth taking precautions against.

---------- Post added at 05:53 PM ---------- Previous post was at 05:51 PM ----------

Quote:

Originally Posted by mixedmedia (Post 2851576)
I'm confused. I should be concerned if I follow one of the 'gawker' blogs?...because I don't believe I do.

Even if you did, you might still be fine. You should be concerned if you have an account to comment on any Gawker Media site. If all you did was look at the site from time to time, you're safe.

For those who may not be aware, here is a list of Gawker Media's sites:

* Gawker.com - New York City media and gossip
* Gizmodo - Gadgets and technology
* Kotaku - Video games
* Jalopnik - Cars and automotive culture
* Lifehacker - Productivity tips
* Deadspin - Sports
* Jezebel - Celebrity, Sex, Fashion for women
* io9 - Science fiction
* Fleshbot - Porn
* Gawker.tv
* Cityfile
* Valleywag - San Francisco and Silicon Valley gossip
* Gawker Artists - Contemporary/Rising Art Registry
* Defamer - Hollywood news and gossip
* Sploid - News,Games/Tech
* Defamer Australia - Australian and Hollywood gossip
* Gizmodo Australia - Gadgets and technology
* Kotaku Australia - Games and gaming industry coverage
* Lifehacker Australia - Tips, tricks, tutorials, hacks, downloads and guides

mixedmedia 12-13-2010 03:54 PM

ok, because I have looked at their list of sites and I don't follow any of them, and for certain have never left a comment at any of them.

uncle phil 12-13-2010 03:58 PM

Quote:

Originally Posted by mixedmedia (Post 2851581)
ok, because I have looked at their list of sites and I don't follow any of them, and for certain have never left a comment at any of them.

nor i...

The_Jazz 12-14-2010 05:23 AM

We don't have a way to selectively weed out those who did post there, and since this is such a massive data breach, the prudent thing is to get everyone to change their passwords. Especially considering that we have more than 1 person who did comment there (Smeth and me, for those of you playing along at home - and I've asked a total of 4 people, although that math is unscientific). It's a hassle, but we've got everyone's best interest at heart here. Thanks for understanding.

Cynthetiq 12-14-2010 05:28 AM

I didn't think that I ever posted there. I got an email yesterday evening saying I did. I posted there when Consumerist was housed by Gawker. That password was a throwaway password which I don't use for anything sensitive, just logins for comments like NYtimes, Consumerist, etc.

Quote:

On Mon, Dec 13, 2010 at 8:59 PM, Gawker Media <help@gawker.com> wrote:

This weekend we discovered that Gawker Media's servers were compromised,
resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel,
io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name
and password associated with your comment account were released on the
internet. If you're a commenter on any of our sites, you probably have
several questions.

We understand how important trust is on the internet, and we're deeply
sorry for and embarrassed about this breach of security. Right now we
are working around the clock to improve security moving forward. We're
also committed to communicating openly and frequently with you to make
sure you understand what has happened, how it may or may not affect you,
and what we're doing to fix things.

This is what you should do immediately: Try to change your password in
the Gawker Media Commenting System. If you used your Gawker Media
password on any other web site, you should change the password on those
sites as well, particularly if you used the same username or email with
that site. To be safe, however, you should change the password on those
accounts whether or not you were using the same username.

We're continually updating an FAQ (FAQ: Compromised Commenting Accounts on Gawker Media) with more
information and will continue to do so in the coming days and weeks.

Gawker Media

==============================================
You are receiving this email because your email
address was associated with a Gawker Media user
account. We are using this list only for the
purpose of sending you this important notification.

Unsubscribe cynthetiq+consumerist@gmail.com from this list:
http://gawkermedia.us2.list-manage.c...ubscribe?u=434

dogzilla 12-14-2010 05:37 AM

Quote:

Originally Posted by Cynthetiq (Post 2851540)


-+-{Important TFP Staff Message}-+-
A couple of things to note here: Because many people use the same password and login at many sites, this one was brought to my attention by willravel. My action to this is just like I did when we were subject to an XSS exploit earlier this year, I have required everyone to reset their passwords again. I'm sorry for the inconvenience, but I'd rather be safe than sorry.

Was I supposed to see some sort of prompt forcing me to change my password? If so, then something's not working quite right since I was never prompted. It's not a big deal to me since my account and password is a throwaway that I don't use for sensitive personal stuff.

Cynthetiq 12-14-2010 05:40 AM

thanks. Nope oversight by me. The usergroups here are pretty intricate and your usergroup got missed.

Craven Morehead 12-14-2010 08:13 AM

I never got a prompt either.

Redlemon 12-14-2010 08:38 AM

I am also missing from the prompt list; I even logged out to try to force it.

sweet release 12-14-2010 08:46 AM

reset it.

yay

if anyone hacked my forum account on any forum at all, i'd scream!

Hotmnkyluv 12-14-2010 08:51 AM

I never got a prompt either and there's no way to login and reset via tapatalk. You may want to send out a mass email or something so people know they have to log on to the site via the Internet.

Reese 12-14-2010 11:31 AM

My Facebook got accessed due to this leak. I'm kinda hoping they saw that pastafarian was listed as my religious belief and left it alone. :) There were no traces left behind other than FB security thing telling me someone logged into it from Los Angeles.

Jetée 12-15-2010 12:22 AM

Here's an update, via the New York Post.


(Apparently, the collaborative website hack was perpetrated by a group that calls itself 'Gnosis', according to representatives of Gawker, and investigators at the FBI.)

MSD 12-15-2010 05:51 PM

I'll say the same thing I did in the mod forum. If you read any Gawker Media sites regularly enough that you have an account, you deserve to have your identity stolen.

SecretMethod70 12-15-2010 06:13 PM

And I'll repeat that Lifehacker is the only Gawker Media site worthwhile ;)

Willravel 12-15-2010 06:16 PM

io9 is okay.

noodle 12-15-2010 06:19 PM

I just got my prompt today. I was worried for awhile that this request was a hack.
I'm glad I took a leap of faith and found this thread.

Craven Morehead 12-15-2010 08:13 PM

got the prompt, did the deed

thanks

Martian 12-15-2010 09:28 PM

I was actually planning on starting a thread on this very thing, but apparently got beaten to the punch.

Password changed. I don't actually know if I had a Gawker Media login, but better to be on the safe side.

Jinn 12-16-2010 01:23 PM

Irony alert:

I was bitching on Facebook about how it's stupid that all these sites like LinkedIn and Amazon (and now TFP) are making you change your password because of the Gawker hack, and how no one should be using the same password for stuff like that.

And then I remembered I made a throwaway account on Kotaku once to post on a video game story. So I downloaded the torrent of the password DB, and sure enough, my username, password, and email address were in plain text.

Better still, the 'throwaway' password I used since I didn't ever anticipate logging into any Gawker sites again, was the password I use for TFP, because when I first joined it was for the porn and the password was a throwaway. The same throwaway as Kotaku throwaway. It was a dictionary word, the worst for brute force.

TFP password changed to something a bit more secure, since I no longer view it as throwaway. :)

ASU2003 12-16-2010 09:25 PM

I think you should apologize for falsely accusing Anonymous... ;)

They are a good example of showing true 'good' anarchism at work. People are free to make their own minds up if they support one of their causes or not. I'm not sure if they are organized enough to offensively hack into anything as a group however.

MSD 12-17-2010 04:48 PM

Quote:

Originally Posted by SecretMethod70 (Post 2852439)
And I'll repeat that Lifehacker is the only Gawker Media site worthwhile ;)

I gave them the benefit of the doubt and read the entire front page. Nothing I care about and didn't already know.

Quote:

Originally Posted by ASU2003 (Post 2852905)
I think you should apologize for falsely accusing Anonymous... ;)

They are a good example of showing true 'good' anarchism at work. People are free to make their own minds up if they support one of their causes or not. I'm not sure if they are organized enough to offensively hack into anything as a group however.

Good things Anonymous has done:

1: Organized protests against Scientology
2: Decreased the standards of discourse on the Internet so I can act smug and feel superior.

cadre 12-17-2010 08:05 PM

It would have been nice to receive an email or something about this. I was locked out of my account for a week. Partially due to stupidity on my part, but if I had an email I would have taken care of it much sooner.

As an aside, hackers are a necessary evil. And even the good guys know deep down that they are hackers, even if they want to call themselves security consultants.

Plan9 12-18-2010 11:07 PM

Quote:

Originally Posted by MSD (Post 2853203)
2: Decreased the standards of discourse on the Internet so I can act smug and feel superior.

I'm not alone.

