Hack Of Gawker Media Sites Puts 1.3 Million Passwords At Risk

Individuals claiming responsibility for attack say they are not affiliated with Anonymous protests over WikiLeaks

Individuals claiming to be part of the hacker group Gnosis are contacting the press to explain their attacks on the popular Gawker Media sites during the past 24 hours.

According to a report in the publication Mediaite, a member of Gnosis says his group's attacks have nothing to do with the group Anonymous, which has been launching DDoS attacks on major websites in protest over the treatment of WikiLeaks.

The writer says Gnosis has retrieved some 274,000 passwords of the nearly 1.3 million that reside in Gawker's extensive database. The group published an article on Gawker that contains a link to the compromised code, and it has reportedly sent samples of unhashed user data to some media.

But the attack has nothing to do with WikiLeaks, according to the writer. It was initiated primarily because of the "arrogance" displayed by Gawker administrators who were talking about WikiLeaks and suggested hackers should "bring it on."

"We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database," the writer reportedly told Mediaite. "I mean, if you say things like ['bring it on'] and attack sites like [Anonymous], which we are not affiliated to, you must at least have the means to back yourself up. We considered what action we would take, and decided that the Gawkmedia 'empire' needs to be brought down a peg or two. Our group's mission? We don’t have one."

The writer says Gnosis intends the attack, in part, as a lesson on security.

"Gawkmedia has possibly the worst security I have ever seen," the writer says. "It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code, and their database is publicly accessible."

Gnosis has promised to publish "full source code" to the Gawker Media site, as well as a database dump and a document describing the site's security failings.

Gawker Media reportedly has told users they should change their passwords.
