Jump to content
IGNORED

Gawker Media (Kotaku etc) hacked

Willei

By Willei
in Discussion

 Share

Recommended Posts

Willei

Willei

Posted
Posted

Didn't see a thread for it, so this is a heads up for people with Kotaku accounts. Apparently the full list of accounts with emails and passwords was taken, so you'd be wise to change your password if you used the same one anywhere else.

Full story here:

http://pastebin.com/9rRmf6W5

Gawker's response:

http://gawker.com/5712615/commenting-accounts-compromised-++-change-your-passwords

To find out if you are affected (credit: shagg_187 at NeoGAF)

1. http://pajhome.org.uk/crypt/md5/

2. Enter your email address under "Input", and click on "MD5". Copy the "Result".

3. http://www.google.com/fusiontables/DataSource?dsrcid=350662

4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If ANYTHING shows up on the search result (e.g. xxxx.com where xxxx is the domain of your email address) it does then your password has been compromised and sooner or later will be hacked if they feel like it.

3
Link to comment
Share on other sites
Asura

Asura

Posted
Posted

Didn't see a thread for it, so this is a heads up for people with Kotaku accounts. Apparently the full list of accounts with emails and passwords was taken, so you'd be wise to change your password if you used the same one anywhere else.

You sure it's safe to put details into that site?

Also, just had a check and I don't use that email/password combo for any other service (and don't use it for my email address either) so I should be OK.

Link to comment
Share on other sites
Willei

Willei

Posted
  • Author
Posted

You sure it's safe to put details into that site?

Also, just had a check and I don't use that email/password combo for any other service (and don't use it for my email address either) so I should be OK.

Into Kotaku? I'd leave that for now at least until they've upped their security and this all blows over. That's if you want to trust them again.

Into the spreadsheet? All you're doing is calculating the MD5 of your email address and searching for it in a Google spreadsheet. You can work out the MD5 via some other means if you don't trust the linked site, and there's no reason you should.

Link to comment
Share on other sites
Alex W.

Alex W.

Posted
Posted

Didn't see a thread for it, so this is a heads up for people with Kotaku accounts. Apparently the full list of accounts with emails and passwords was taken, so you'd be wise to change your password if you used the same one anywhere else.

Full story here:

http://pastebin.com/9rRmf6W5

Gawker's response:

http://gawker.com/5712615/commenting-accounts-compromised-++-change-your-passwords

To find out if you are affected (credit: shagg_187 at NeoGAF)

1. http://pajhome.org.uk/crypt/md5/

2. Enter your email address under "Input", and click on "MD5". Copy the "Result".

3. http://www.google.com/fusiontables/DataSource?dsrcid=350662

4. Click on "Show Options" and change the filter to "MD5". Paste the copied "Result" and see if it shows up on search. If ANYTHING shows up on the search result (e.g. xxxx.com where xxxx is the domain of your email address) it does then your password has been compromised and sooner or later will be hacked if they feel like it.

If you registered with or added an email address, you should hash that and search for it. However you should also search for your username. The passwords were encrypted so although they are "out there" they have not necessarily been compromised, they would have to be decrypted first. I think they'd have to do a brute force attack so although they could probably bust any arbitrarily chosen alphanumeric password in a relatively short period of time, they're probably not going to go ahead and crack the entire list. Also if your password is much more than eight characters, Gawker just plain didn't record anything beyond character 8, so it should be relatively safe. Well, not on Gawker, obviously.

Edit - Not that you shouldn't change your password if you show up in the file.

Link to comment
Share on other sites
Rudderless

Rudderless

Posted
Posted

Hmm. I had a Kotaku account (which I barely used). Had no problems, then I put my email address into that site to check whether I was at risk (it didn't show up so I assumed I was safe) and since then my Twitter and my Gmail have both been targeted. I'd ignore that and just change your passwords if any were the same as your Kotaku one.

Link to comment
Share on other sites
Quexex

Quexex

Posted
Posted

I didn't even know I had a gawker account until I logged into facebook and it suggested that there had been some unusual activity on my account...

Fuuuuuckkkk

Spent most of the morning changing all my accounts to new crypto especially those with a credit card on them ... FFS!

Link to comment
Share on other sites
Quexex

Quexex

Posted
Posted

Yeah, it turns out that the passwords are actually very very cracked and they've been using them to spam twitter like crazy.

Ah Twitter ... forgot about that, off to change another password (although I think my crypto was different on twitter)

Link to comment
Share on other sites
dayte

dayte

Posted
Posted

I use the same password on other sites as I have on engadget, but different emails. Am I OK?

And even if someone uses the same email for different sites, surely once the hackers try the password they already have and fail, more likely than not they'll move on rather than try the new one? I'm worried for my twitter feed, which uses the same email but has a vastly different password.

Link to comment
Share on other sites
dayte

dayte

Posted
Posted

The username is completely different but the email is the same as the hacked engadget one. I don't know how I can protect my twitter account further, should I just leave the password as it is? Maybe change the email associated with the twitter account?

Link to comment
Share on other sites
  • 1 year later...
Asura

Asura

Posted
Posted

They've just announced today that soon, you'll only be able to log into Gawker (Kotaku etc) using a Google, Facebook or Twitter account, claiming that it eases the burden on them for security. I don't like linking accounts willy nilly though so I'll just stop using Kotaku.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Use of this website is subject to our Privacy Policy, Terms of Use, and Guidelines.

  I accept