The hack at Gawker Media earlier this week, which exposed some 1.3 million user names, emails and passwords, has caused quite a stir.
While the passwords were encrypted, a good deal of them were easily brute-forced, as security firm Duo Security illustrated using simple cracking tools. The firm quickly cracked a third of the spilled passwords, and its analysis of them revealed a lack of security, with folks choosing silly, easily guessable passwords such as "123456".
The fallout from the affair continues, because according to a BBC report, users on sites such as Twitter, Yahoo and LinkedIn are being asked to change their passwords for safety's sake.
That's because people often use the same password across different web accounts, in another unwise security move. There was a notable outbreak of spam on Twitter after the Gawker affair, with ne'er-do-wells hijacking accounts and tweeting about diet pills. Twitter noted: "A current attack appears to be due to the Gawker compromise."
Even some World of Warcraft players have been asked to switch their password to something different, presumably those who have used some of the easily guessable passwords exposed by the Gawker spill.
If nothing else, this is another wake-up call not to use supremely simple passwords, and not to use the same password across multiple accounts, something security experts have been banging on about for ages.