Use Kotaku, Gizmodo, etc.? Go change your password!

Gaming-related threads & forum meta.
Post Reply
User avatar
MentholMoose
Virtual-On Positive
Posts: 2045
Joined: 15 Dec 2008, 22:06
Gamertag: MentholMoose
PSN: MentholMoose_
Location: California
Contact:

Use Kotaku, Gizmodo, etc.? Go change your password!

Post by MentholMoose »

If you haven't heard, Gawker (the parent of Kotaku and other sites) was hacked, and the (apparently partial) password database was leaked. The passwords are encrypted so it's not too bad since getting your password requires a brute force attack. However, if you use any of their sites, you should still go change your password there. I know Kotaku is popular among members here, so I thought I'd provide a heads up. More details here:
FAQ: Compromised Commenting Accounts on Gawker Media

You can apparently check if your password was leaked. I'm registered at Kotaku and my password was apparently leaked. :cry: This article shows how to check and has some other details:
How to check if your password was exposed
MentholMoose
User avatar
guarayakha
Virtual-On Positive
Posts: 243
Joined: 26 May 2009, 07:41
Location: Malaysia

Re: Use Kotaku, Gizmodo, etc.? Go change your password!

Post by guarayakha »

So i tried the md5 thing, and i got no results from the google fusion table....so I should be okay, right?

Man, what a hassle it is to change to a new password when you've gotten used to typing the old one in seconds, haha. Goddamn gnosis :evil:
User avatar
MentholMoose
Virtual-On Positive
Posts: 2045
Joined: 15 Dec 2008, 22:06
Gamertag: MentholMoose
PSN: MentholMoose_
Location: California
Contact:

Re: Use Kotaku, Gizmodo, etc.? Go change your password!

Post by MentholMoose »

You should be OK as long as you followed the instructions correctly and the MD5 of your email address didn't show up. You can also search the spreadsheet by domain; not useful if you use Gmail, but if you use a work email or have your own domain, it will show up. I can see that there is one oratan.com account compromised, so that (currently) could only be me.

One thing I didn't mention is that besides the password hash, unencrypted emails were leaked. So, if your account details were leaked, watch out for SPAM, possibly targeted. I got one that said my Gawker password was compromised, and it had some links that looked suspicious. I actually got it before I heard about the compromise, so I initially disregarded it as SPAM.

Yet another issue is if you use that email and the same or similar password to register at other sites. The email I use with Gawker is also registered at LinkedIn (with a different password), and my LI account got locked out this morning for security reasons (they provided no further explanation). I guess it's probably a coincidence, but anyone with the password database can try to brute force passwords and use them at other sites.
MentholMoose
User avatar
MentholMoose
Virtual-On Positive
Posts: 2045
Joined: 15 Dec 2008, 22:06
Gamertag: MentholMoose
PSN: MentholMoose_
Location: California
Contact:

Re: Use Kotaku, Gizmodo, etc.? Go change your password!

Post by MentholMoose »

Update on the LinkedIn issue I had. It was actually a proactive measure taken by LinkedIn. Apparently they obtained the list of email addresses affected by the Gawker breach, cross-referenced it to their own account database, and disabled any account using the same email address.
MentholMoose
Post Reply