See if your Gawker account was compromised

[InvisiBill]

In case you somehow missed the news, Gawker's source code and databases were compromised. This includes sites like Gizmodo, Lifehacker, Kotaku, and io9.

1. Go to http://www.google.com/fusiontables/DataSource?dsrcid=350662.
2. Use Show Options in the upper left to filter for the domain of your email address.
3. If your domain is found, get the MD5 hash of your email address at http://pajhome.org.uk/crypt/md5/ or with a shell command like echo -n [email protected]|md5sum (or whatever other MD5 tool you prefer).
4. Search for your email's hash using Show Options again.

This doesn't show any passwords; it will just let you see if you're in the list without having to download the torrent and search through it.

If your account is in here, and you used that password anywhere else, change it at the other places. Don't worry about updating your Gawker account(s) yet, as they've already got your info and have shown that they have security issues to deal with. However, change your password anywhere else it was used to protect those other accounts.

 

[AMD_Gamer]

how do you search for your hash value with show options?

my problem is, I don't remember what password I used for gawker. I had an account with them but I think it was to enter some contest a few years back. I never post comments or login.

 

[jiminator]

excellent, thanks. not in the list. I think this is the second time they have been compromised? Anytime I have tried using the account my comments wind up in moderator hell. I wish I could just delete it....

for prev question, show options, filter md5 = your email md5, apply

 

[AMD_Gamer]

strange my MD5 comes up with nothing?

 

[jiminator]

if the list is comprehensive enough then you are good.

 

[Ur_Mom]

Nope. No domain of mine, and my gmail account isn't on there. As a good gay would say: FABULOUS!

 

[mrgstiffler]

Well fucking shit! I thought I was OK since I connected with Facebook. Apparently that created a local account.

 

[kevinzak]

Mine's there. Changed my passwords even though it was pretty damn complex. Way to be responsible, Gawker.

 

[Electrofreak]

Negative on mine. Awesome, thanks for the tip!

 

[dembring]

Nope. No domain of mine, and my gmail account isn't on there. As a good gay would say: FABULOUS!

Lol - if good gay = feminine gay

With thats said I'm not on the list! Thanks for this! Sorry to the folks who have been compromised.

 

[dr.kevin]

i downloaded the list off of pirate bay.
I specifically checked the aol email addresses (as they tend to be the dumber internet users), and a good handful of people use the same email/password combo for their regular email account.

One of them even had a spammer sending thousands of 'single link' spam emails right under her nose.

never use your email address password for message boards.

 

[mrgstiffler]

i downloaded the list off of pirate bay.
I specifically checked the aol email addresses (as they tend to be the dumber internet users), and a good handful of people use the same email/password combo for their regular email account.

One of them even had a spammer sending thousands of 'single link' spam emails right under her nose.

never use your email address password for message boards.

I didn't know that it was released. Only a handful of the passwords are decrypted though, right? Are the non-decrypted passwords also on there? The Pirate Bay blocks my work, so I can't download it right now.

 

[dr.kevin]

I didn't know that it was released. Only a handful of the passwords are decrypted though, right? Are the non-decrypted passwords also on there? The Pirate Bay blocks my work, so I can't download it right now.

handful?

185000+ gawker accounts were decrypted, and they are all there to download.

my spam account was one of them.


It's fucking amazing how so few people know anything about basic internet security.
I even found someone who typed his whole credit card number, code, billing address, everything, in an email. Someone could just order something expensive, wait for its delivery, and run off with it.

 

[mrgstiffler]

I just downloaded it with one of our anonymous connections. My account is indeed in there, but not one of the decrypted ones. Time to hand it off to our forensics guys and see how long it takes their machines to crack it.