New York based media company, Gawker Media, was under cyber attack for more than 24 hours on December 11, 2010. Cyber criminals using the name Gnosis managed to infiltrate the Gawker Media blog network systems that serve owner Nick Denton’s numerous popular blogs such as; Gawker, Lifehacker, Gizmodo, Deadspin, Fleshpot, Jalopnik, Kotaku, Jezebel and Io9.
The hacking group Gnosis not only claimed responsibility for the massive cyber breach, but also provided proof of the hack on Gawker’s own homepage, which proved they had access.
The taunts from these hackers didn’t stop there either. After delving deep into Gawker’s computer systems and stealing more than a quarter of a million passwords from the website’s database, including owner Nick Denton’s password, Gnosis proceeded to dump the data on the Internet for all to see and use. The data dump contained user names, passwords, source code, emails, comments, and real-time email exchanges between employees while the cyber attack was occurring, some of which were (embarrassing) not good PR for the company. The cyber hacking group claimed they had targeted Gawker because of the “arrogance” of the company’s management team and the sites inadequate and outdated security.
There would certainly seem to be a retaliatory note in the air since the hackers made a point of humiliating Gawker’s owner Nick Denton and many of his top staff by publishing embarrassing and less than intelligent security decision email exchanges regarding security incidents that occurred a month before this major breach occurred.
Although the hackers claimed no affiliation with Anonymous or 4Chan, whom Gawker staffers and Nick Denton had been publicly and privately sparring with in recent months, Gnosis did post portions of email barbs stolen from Gawker’s private back channel, publishing taunts Denton and his staff made towards 4Chan saying, “We Are Not Scared of 4Chan Here” and “Nick Denton Says Bring It On 4Chan”.
As a result of the hackers’ posts and the compromised data, Gawker Media sites posted the following to its users and recommended changing their passwords:
FAQ: Compromised Commenting Accounts on Gawker Media
On December 12th, we discovered that Gawker Media’s servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you’re a commenter on any of our sites, you probably have several questions.
We understand how important trust is on the internet, and we’re deeply sorry for and embarrassed about this breach of security—and of trust. We’re working around the clock to ensure our security (and our commenters’ account security) moving forward. We’re also committed to communicating openly and frequently with you to make sure you understand what has happened, how it may or may not affect you, and and what we’re doing to fix things.
We’ll continue to update this FAQ throughout this process.
Additional Resources About This Breach: