Twitter And LinkedIn Users Urged To Change Passwords

Website administrators are rushing to encourage users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised earlier this week.

Yahoo, Twitter and LinkedIn have all asked users to change their details, as has online game World of Warcraft, which has more than 12 million subscribers, because it is feared that Gawker readers may be recycling the same passwords on other sites.

Analysis of the stolen passwords from Gawker shows that the most popular password among users was “123456”, followed by “password” and “12345678”. Other common terms included “monkey”, “qwerty”, “consumer” and “lifehack”. (Gawker runs a blog called Lifehacker.)

According to security firm Sophos, 33 percent of computer users use the same password for all their online accounts, and nearly half (48 percent) have a handful of options. Only 19 percent use different passwords for every website they sign up to.

“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain,” warned Sophos senior technology consultant Graham Cluley. “Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”

Gawker passwords on The Pirate Bay

Gawker Media’s servers were hacked by a group calling itself Gnosis over the weekend, resulting in the theft of thousands of user account names and passwords. Although the passwords were encrypted, they were soon cracked and posted on The Pirate Bay.

Soon after the data was hacked, many of the Gawker users – who hold commenter accounts for use on Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot – also had their Twitter accounts hijacked because they had used the same password there.

The FBI has reportedly opened an investigation into the hack.

The Pirate Bay was itself compromised earlier this year, after ethical hackers stole up to four million passwords in order to expose the site’s weakness. Argentinian malware researcher Ch Russo and two colleagues used an SQL injection attack to get access to Pirate Bay’s database of users, and emailed journalists their password details to prove they had done so.

SQL injection flaws are well known and often demonstrated. Recent victims include social networking site Rockyou, a Yahoo! jobs site, and a recruitment site run by The Guardian newspaper.

Sophie Curtis
