Website administrators are rushing to encourage users to change their passwords, after a data breach at online publisher Gawker Media resulted in about 200,000 login details being compromised earlier this week.
Yahoo, Twitter and LinkedIn have all asked users to change their details, as well as online game World of Warcraft, which has more than 12 million subscribers – because it is feared that Gawker readers may be recycling the same passwords on other sites.
According to security firm Sophos, 33 percent of computer users use the same password for all their online accounts, and nearly half (48 percent) have a handful of options. Only 19 percent use different passwords for every website they sign up to.
“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain,” warned Sophos senior technology consultant Graham Cluley. “Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”
Gawker Media’s servers were hacked by a group calling itself Gnosis over the weekend, resulting in the theft of thousands of user account names and passwords. Although the passwords were encrypted, they were soon cracked and posted on The Pirate Bay.
Soon after the data was hacked, many of the Gawker users – who hold commenter accounts for use on Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot – also had their Twitter accounts hijacked because they had used the same password there.
The FBI has reportedly opened an investigation into the hack.
The Pirate Bay was compromised itself earlier this year, after ethical hackers stole up to four million passwords in order to expose the site’s weakness. Argentinian Malware researcher Ch Russo and two colleagues used an SQL injection attack to get access to Pirate Bay’s database of users, and emailed journalists their password details to provide they had done so.
SQL injection flaws are well known and often demonstrated. Recent victims include social networking site Rockyou, a Yahoo! jobs site, and a recruitment site run by The Guardian newspaper.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…