Twitter And LinkedIn Users Urged To Change Passwords

The hack of Gawker Media over the weekend has prompted other major sites to advise users to change their passwords

Website administrators are rushing to encourage users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised earlier this week.

Yahoo, Twitter and LinkedIn, as well as online game World of Warcraft, which has more than 12 million subscribers, have all asked users to change their details, because it is feared that Gawker readers may be recycling the same passwords on other sites.

Analysis of the stolen passwords from Gawker shows that the most popular password among users was “123456”, followed by “password” and “12345678”. Other common terms included “monkey”, “qwerty”, “consumer” and “lifehack”. (Gawker runs a blog called Lifehacker.)

According to security firm Sophos, 33 percent of computer users use the same password for all their online accounts, and nearly half (48 percent) have a handful of options. Only 19 percent use different passwords for every website they sign up to.

“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain,” warned Sophos senior technology consultant Graham Cluley. “Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”

Gawker passwords on The Pirate Bay

Gawker Media’s servers were hacked by a group calling itself Gnosis over the weekend, resulting in the theft of thousands of user account names and passwords. Although the passwords were encrypted, they were soon cracked and posted on The Pirate Bay.

Soon after the data was hacked, many of the Gawker users – who hold commenter accounts for use on Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot – also had their Twitter accounts hijacked because they had used the same password there.

The FBI has reportedly opened an investigation into the hack.

The Pirate Bay was itself compromised earlier this year, after ethical hackers stole up to four million passwords in order to expose the site’s weakness. Argentinian malware researcher Ch Russo and two colleagues used an SQL injection attack to get access to Pirate Bay’s database of users, and emailed journalists their password details to prove they had done so.

SQL injection flaws are well known and often demonstrated. Recent victims include social networking site Rockyou, a Yahoo! jobs site, and a recruitment site run by The Guardian newspaper.