A group that goes by the name of Gnosis has claimed credit for the breach of Gawker Media, which was apparently a way to get back at the company, its staff and its founder Nick Denton for publicly attacking 4Chan.
Their claim seems to ring true, since a lot of the material published – including the Campfire logs of conversations between Gawker staff and their various passwords used for a variety of online services and within the network – is evidently aimed at shaming them personally.
As it turns out, Denton himself does not follow the advice that LifeHacker.com (one of the Gawker Media sites) provided for its readers regarding the creation of strong passwords – he used the same password for his Google Apps, Twitter and Campfire accounts, and a weak one at that.
Gnosis has also harvested some 1.3 million login credentials belonging to users who created a Gawker account in order to comment on the various sites of the media group. These users are being notified by e-mail and advised to change their passwords – especially if they use the same one for many online services.
“Passwords in our database are encrypted (i.e., not stored in plain text), but they’re still potentially vulnerable to hackers,” they say in a notification that went online on all the sites belonging to Gawker Media. Users who were logging in via Facebook Connect have not had their passwords compromised, since Gawker does not store them. They can also rest easy if they linked their Twitter account with their Gawker Media account. “However, if you used the same password for your Twitter account as you did on your Gawker Media account, you should change it immediately,” they say, because it seems that this is how a huge number of Twitter accounts got compromised and used to push out spam.
According to The Next Web, Gnosis has created a single torrent file that contains all the information and offered it for download on The Pirate Bay.