Last night Gawker Media's servers were thoroughly hacked.
A group of hackers released the database of usernames, emails and passwords of its 2.5 million commenters, as well as the source code of its proprietary technology architecture.
Briefly last night the Gawker.com site itself was hacked, with a new post not authored by anyone showing on the page.
This is where we tell you everything you need to know, from whether your information was compromised and what you need to do about it, to who did it and why, and what it means.
Gawker Media has a huge database including the emails, usernames and passwords of the commenters on its sites, meaning Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.
So first of all, if you ever commented on one of these sites, you should change your password right now, and change your password on any other sites where you used that email/password combination.
The passwords are encrypted, but it might be possible for hackers to either reverse-engineer the encryption using stolen Gawker data, or to determine the passwords using brute force techniques. So to be on the safe side you should change your passwords right now.
One of the things that this has helped uncover is just how many people still use 'qwerty' or 'password' as passwords. This is one reason why people should use secure passwords on the internet, meaning a password that uses letters and numbers and can't be guessed by a human or a computer.
According to LiveNewsWire, the passwords compromised include those of Arianna Huffington as well as several employees of government agencies. A username/password combination was already used to attack Department of Homeland Security systems.
Commenters who logged in using Facebook Connect or Twitter haven't been compromised, because Gawker doesn't store those passwords.
Startup Hint did something that Gawker didn't do: it took all the leaked email addresses and emailed everyone whose account had been compromised, telling them to change their password.
Most reports focus on the comments data, because that's where personal data was compromised, and that's most visible, but from a business perspective the most damaging event might be the leaking of Gawker's source code. (Source code is the computer code used to write programs.)
A big part of Gawker's success that doesn't often get mentioned is its powerful content management system (CMS), the type of software that media sites like Gawker (and Business Insider) use to publish articles. Gawker's CMS is reportedly state of the art, and the product of many iterations and learnings. With an advanced CMS, a media site can tell which articles are taking off and highlight them to viewers, maximizing pageviews and traffic to the site, which means more engaged viewers and higher ad revenue.
Unlike many websites which use off-the-shelf CMS systems like WordPress (although often customised), Gawker has its own custom CMS. With that source code leaked, unscrupulous competitors can copy many of Gawker's techniques. Its CMS is a big part of its 'secret sauce.'
As after the murder of an unpopular figure in an Agatha Christie novel, there are many likely suspects for Gawker's hacking. People mentioned hackers connected to online messageboard 4chan, which Gawker has criticised and even taunted in the past, daring 4chan to hack them. 4chan had previously attacked Gawker with denial of service attacks, which only take down or slow down a site for a while.
However, credit for the attack was taken by a group named Gnosis, who say they're unconnected to 4chan or Operation Payback. They say they chose Gawker because of its 'outright arrogance' (and, we guess, because it's one of the best targets if you want publicity), and that it only took them a few hours to break into Gawker's databases.
The hackers also posted a notice warning they might delete all of Gawker's data as well as its backups, which would have been 10 times worse. We're assuming that's no longer possible and Gawker has bolted down everything, but with these sorts of things you can never know.
The hackers also posted a screenshot of an alleged chat between Gawker editors where they act wholly unconcerned about the news of commenter accounts being compromised, referring to commenters as 'the peasants.'
Gawker is also being criticised for not responding fast enough. When they became aware of the breach they didn't tell anyone until other media outlets had reported on it, even though it meant more time for hackers to compromise accounts of unsuspecting commenters. They haven't emailed all commenters whose accounts have been compromised to tell them to change their passwords, letting unrelated startup Hint do it.
And even though they've technically apologized for the whole thing, the apology doesn't sound very, well, apologetic.
This isn't just embarrassing for Nick Denton's media empire; it could potentially turn devastating to his business.
Commenters are a huge asset of Gawker Media's sites, both directly, because they mean a more engaged readership and higher ad revenue, and, more importantly, indirectly, by providing material and linking to Gawker sites from their own blogs. Gawker Media's commenters are a special bunch, in every sense of the term, and given the gossipy nature of the site, protecting their identity is hugely important. And they're a huge competitive advantage -- one of the things that set Gawker apart from the zillions of other blogs out there.
If because of this breach, commenting drops off on Gawker's sites, this could mean a huge hit to Gawker's business in the long term.
Reuters blogger and Gawker Media critic Felix Salmon recommends that Gawker Media shareholders sell their shares.
In the latest move in this story, these commenter IDs were used to compromise Twitter accounts and propagate spam throughout the service.
Here are some more facts on this story.
Our previous reporting:
- Our original post on the breach
- Our post on the Gawker.com hacking
- A look inside Operation Payback, the pro-WikiLeaks hackers
- Gawker's post on the breach
- The Lifehacker FAQ on compromised accounts (read this if you ever commented on a Gawker Media site!)
- A good summary at Mediaite, which originally broke the story
- Another good summary at Village Voice
- Reuters blogger Felix Salmon's take