In December 2010 Gawker Media’s entire network of websites was affected by an exploit that preyed on both staff and visitors. More than 1.5 million accounts were compromised by the attacks, and users’ email addresses and their respective passwords were posted online for all to see.
If you are an active participant on any of Gawker’s websites then you’ll probably have changed your password by now (hint: do it). However, if you’re not sure whether you’ve contributed any comments and would like to know for sure, you can check your email against the list to get the answer you need. You can then take appropriate action if you’ve fallen foul of the leak.
Why Such A Big Deal?
There’s a reason you’re strongly encouraged to use different passwords for different services. Had you signed up to Gawker’s commenting system with your usual personal email address and used the same password you use to log into said email address then your email and password combination is freely available for all to see.
It has emerged since last month’s attacks that a considerable number of .gov, .edu and .mil (US military) email addresses were included in the leaked database. If these individuals had used the same password for their email login then government, education and military email accounts could potentially be compromised.
According to the hackers, 2,650 used “password” or “qwerty” as a password, including one .gov address, three .mil addresses and 52 .edu addresses.
This is a prime example of how using a variety of passwords can really save your bacon. Should someone gain access to your email account then personal information like online banking or web hosting details is at the mercy of the intruder.
Ok, I’m Sufficiently Scared
Good, so you’ll probably want to check if you’re on the list. As the whole network of sites used the same shared commenting system, every Gawker site was affected. Many of these sites are popular and renowned for breaking news, reviews and their quirky nature.
Outlets include Lifehacker, Gawker (main site), Gizmodo, Kotaku, Fleshbot, io9, Jalopnik, Jezebel and Deadspin. If you have ever made a comment and used your own valid email address then you really should have changed your Gawker password, along with the password for any other service where you use the same one.
To check whether you’ve been affected you’ll first need to change your email address into an MD5 hash, which you can do here. Simply enter your email in full, click md5 and copy the result to your clipboard.
With your MD5 saved, go here and click Show Options. From the first drop-down box select MD5 and in the text field paste your MD5 hash and click Apply Filter.
If nothing appears then you’re home and dry: your account has not been compromised and you can sleep easy. If you do see a matching row but you’ve changed your password already, no worries, you acted fast.
If you see a matching row and have not changed your password then you’ll want to change your Gawker password and any other passwords that match.
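The same check can be run locally, so your address is never typed into a third-party hashing page. This is an added example, not part of the original article: the list format (one hex MD5 per line) and the trim/lowercase variants are assumptions, and the sample entries are constructed.

```python
import hashlib


def email_md5_candidates(email):
    """Return MD5 hex digests for the forms an address may have been hashed in.

    The list's normalisation is an assumption, so try the address as typed,
    trimmed, and trimmed plus lowercased.
    """
    trimmed = email.strip()
    variants = {email, trimmed, trimmed.lower()}
    return {hashlib.md5(v.encode("utf-8")).hexdigest() for v in variants}


def load_hashes(lines):
    """Collect well-formed 32-character hex digests, one per line.

    Blank and malformed lines are skipped; case is folded so an upper-case
    digest in the list still matches.
    """
    hashes = set()
    for line in lines:
        token = line.strip().lower()
        if len(token) == 32 and all(c in "0123456789abcdef" for c in token):
            hashes.add(token)
    return hashes


def is_listed(email, listed_hashes):
    """True if any candidate digest for the address appears in the list."""
    return bool(email_md5_candidates(email) & listed_hashes)


# Constructed sample list: two digests (one upper-cased), a blank line and junk.
SAMPLE_LIST = [
    hashlib.md5(b"alice@example.com").hexdigest(),
    hashlib.md5(b"bob@example.org").hexdigest().upper(),
    "",
    "not-a-hash",
]

if __name__ == "__main__":
    listed = load_hashes(SAMPLE_LIST)
    for address in (" Alice@Example.com ", "carol@example.net"):
        print(address.strip(), "listed" if is_listed(address, listed) else "not listed")
```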
If you need a bit of help coming up with a couple of passwords, we’ve got an article covering that, but please be careful and don’t use too many shared passwords.
Did you get stung by Gawkergate? Learned your lesson from shared passwords? Still using “password” as your password? Tell us all about it in the comments below.