According to reports, the FBI has opened an investigation into the hack that compromised Gawker Media's Websites.
The FBI is looking into the recent hack of Gawker Media
that exposed password information and e-mail addresses belonging
to users, according to reports
A group known as "Gnosis" has taken credit for the attack, and put
the data it swiped into a file that was initially available via The Pirate Bay
Rumors of the hack began to circulate Dec. 11, and Gawker confirmed
them with a warning a day later. According to the company, the breach
impacted users of several sites, including users of Gizmodo, Gawker and
Deadspin. In addition, the attackers made off with user names and
passwords for Gawker's staff, as well as Gawker's source code and chat
logs of discussions between employees.
The password information was encrypted, but was still vulnerable to being cracked-a fact underscored by the subsequent compromise of Twitter accounts
to some users. Many of those passwords were simplistic-an analysis by
Duo Security found the most common passwords were "123456" and "password
There are so many Websites that ask users to create a password that
it is impossible to keep track of them all, said Richard Stiennon,
chief research analyst at IT-Harvest. People treat many of these sites
as inconsequential, and therefore don't bother to create strong
passwords they will immediately forget, he added, something that is
fine for a media site such as Gawker, but more problematic for things
such as e-mail or Facebook accounts.
"(The) No. 1 best practice is never use a word that can be found in
the dictionary," he said. "A simple way to create a hard-to-guess
password is to use the first letter of each word in a phrase. -When IT
Rains it Pours' becomes WIRIP. Add a number to make it eight characters
long - WIRIP421. Change the "I" to "!" and you have a pretty
strong password you can remember: W!R!P421. Do that for sites you
pay for and ones that are important to you."
In a "Frequently Asked Questions"
in response to the incident, Gawker advised users to reset their
passwords. In addition, the company said it is bringing in an
independent security firm to improve its infrastructure security.