
Far Worse Than Previously Thought: Gawker Content Management System Hacked

Earlier today Gawker confirmed reports that their commenter system had been hacked. Now we know that the security breach is much worse – the Content Management System also appears to have been compromised. The following story was recently published on Gawker, and the current editor Adrian Chen just announced via Twitter “FYI: That post linking to a torrent of our source code was not written by me. We’ve been hacked.” Update: the fake post published by the hacker was removed from the site but is back up!

The text of the post reads:

We have discovered various copies of our source code available for download from HERE.
We ask you to NOT download this, as this WILL infringe our copyright.

On the one hand, please know that we at Gawker Media take your information VERY seriously, all user data is protected and looked after in accordance with our policy.

However, we do not believe our data has been compromised, so please relax on that front.

We protect our data with UNIX Standard hash encryption method crypt(3), which is absolutely 100% impossible to crack.

We follow the most stringent, industry standard, methods in order to ensure the integrity and safety of your data. We hope that despite the full disclosure of GANJA, we still hold our iron grip on our data.

Due to the leak of the GANJA framework from within our company, we have entered into the process of complete code review to enhance and enforce our privacy policy.

The link leads to a Pirate Bay page where it appears users are able to download the leaked database of Gawker commenters. A screen cap of that page (the text of which follows):


So, here we are again with a monster release of ownage and data droppage.
Previous attacks against the target were mocked, so we came along and raised the bar a little.
Fuck you gawker, how's this for “script kids”?
Your empire has been compromised, Your servers, Your databases, Online accounts and source
code have all been ripped to shreds!
You wanted attention, well guess what, You’ve got it now!

Contents:

./database
– Database dump (1.3+ million rows), including cracked passwords.
./source
– Source dump
./gawker_redesign_beta.jpg
– Upcoming redesign
./readme.txt
– Read this for some background info and lots of juicy passwords
./server_list.txt
– List of gawker server kernel versions.

While we have already stated we are not 4chan or anonymous, these quotes amuse us:
Brian M.
The headline of your post should be “Suck on This, 4Chan”
Maureen O.
I like the call to make today Everybody Write About 4chan Day
Hamilton N.
Nick Denton Says Bring It On 4Chan, Right to My Home Address (After The Jump)
Ryan T.
We Are Not Scared of 4chan Here at 210 Elizabeth St NY NY 10012

— #Gnosis, where is your god now? —
