Gawker passwords exposed "six months ago"

The hack at Gawker Media which exposed some 1.3 million user names, emails and passwords, happened six months ago, not at the end of December as previously thought.

According to The Guardian newspaper, hackers had access to the gossip site Gawker's content management system (CMS) and password files for around six months, rather than the few days suggested by the company.

Sources connected to the break-in told The Guardian the server was cracked using a "local file inclusion" weakness and a hacking group then worked through the system to access passwords and source code, sources told the newspaper.

The suggestion goes against information issued by Gawker after the hack came to light that stated the hackers only had access "briefly" to the site.

The hacking of Gawker and its associated sites led to the usernames, email addresses and passwords of 1.3 million registered users of the sites being made available - among them, those for Gawker staff including its chief Nick Denton. The hackers discovered Denton had used the same password for Gawker and for other sites such as Campfire, used by his company to coordinate its work. That allowed them to access those sites and find sensitive details including chats between members of the company.

print this article

Return to security news headlines
View Security News Archive

Share with: