Gawker websites, Twitter hacked and spammed by 'Gnosis'
Gawker and its ring of blogs, as well as Twitter, were hacked this weekend by a group calling itself "Gnosis."
Gawker said thousands of commenter usernames and passwords for its blogs were broken into, and Gnosis said its hacking of the network of blogs led it to breach e-mail addresses belonging to banks, federal government employees and NASA.
"This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot," Gawker said in a post on its Lifehacker blog.
"We understand how important trust is on the Internet, and we're deeply sorry for and embarrassed about this breach of security -- and of trust. We're working around-the-clock to ensure our security (and our commenters' account security) moving forward," Gawker said.
Gawker has so far denied the link between the two hacking incidents.
"We never stored Twitter passwords from users who linked their Twitter accounts with their Gawker Media account," Gawker said. "However, if you used the same password for your Twitter account as you did on your Gawker Media account, you should change your password immediately."
Due to the hack, Gawker sites were unable to publish blog posts. Gawker.com had no new blog posts from Sunday afternoon until about 2 a.m. Monday -- which is a notable period of down-time for the prolific blog known for its snarky celebrity and political gossip posts.
An official at Jezebel, Gawker's blog aimed at female readers, tweeted, "I'd write a post about how we've been hacked and can't publish, but we've been hacked and can't publish."
Gnosis leaked files of Gawker statistics and thousands of its commenter usernames and passwords on various hacker forums and websites after its breach of Gawker servers.
An anonymous source identifying itself as one of the Gnosis hackers told the news blog Mediaite that the group attacked Gawker because of its "arrogance."
"It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database," the source told Mediaite.
"We have been cracking the database for about 17 hours and have managed to retrieve 273,789 passwords," the source told the blog. "If our release schedule wasn’t so tight we could get 500,000-plus. Included in the dump are passwords linked to accounts from NASA, about every .gov domain you could imagine and hundreds from banks. One can only pray that they do not use the same password everywhere."
-- Nathan Olivarez-Giles