Website administrators are rushing to encourage users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised earlier this week.
Yahoo, Twitter and LinkedIn, as well as online game World of Warcraft, which has more than 12 million subscribers, have all asked users to change their details, because it is feared that Gawker readers may be recycling the same passwords on other sites.
According to security firm Sophos, 33 percent of computer users use the same password for all their online accounts, and nearly half (48 percent) have a handful of options. Only 19 percent use different passwords for every website they sign up to.
“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain,” warned Sophos senior technology consultant Graham Cluley. “Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”
Gawker Media’s servers were hacked by a group calling itself Gnosis over the weekend, resulting in the theft of thousands of user account names and passwords. Although the passwords were encrypted, they were soon cracked and posted on The Pirate Bay.
Soon after the data was hacked, many of the Gawker users – who hold commenter accounts for use on Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot – also had their Twitter accounts hijacked because they had used the same password there.
The FBI has reportedly opened an investigation into the hack.
The Pirate Bay was itself compromised earlier this year, after ethical hackers stole up to four million passwords in order to expose the site’s weakness. Argentinian malware researcher Ch Russo and two colleagues used an SQL injection attack to get access to Pirate Bay’s database of users, and emailed journalists their password details to prove they had done so.
SQL injection flaws are well known and often demonstrated. Recent victims include social networking site Rockyou, a Yahoo! jobs site, and a recruitment site run by The Guardian newspaper.