Massive Gawker Data Breach Could Lead to Cyber-Attacks on Government Agencies
You probably heard that over the weekend, a group of hackers orchestrated an enormous security breach of Gawker Media data, leaking the usernames, email addresses and passwords of some 1.3 million users, among other information. (I say "probably heard" because just about every media outlet under the sun has picked up on the story, many of them out of a sense of schadenfreude toward Gawker, which many regard as the Big Bad Wolf of online publishing.)
According to NewsHour, the cyber-attackers also leaked, via BitTorrent, "a select sub-list of what appear to be e-mail addresses and passwords of employees from federal, state and local government agencies," which have been "parsed separately for potential future attacks."
[The government worker data] may have been used as part of Operation Payback, or another one of the initiatives launched by the so-called "Anonymous" cyber movement that has grown in scope since the release of secret documents by the web site WikiLeaks.
The list appears to include a wide range of government agencies from King County in Washington State to mission controllers at NASA to a chief of staff for a member of Congress.
The list is accompanied by a note that instructs other hackers to "try to gain access" to the government workers' email accounts, noting that "these people more than likely use the same [passwords] everywhere." As NewsHour points out, such attacks are both commonplace and relatively easy to carry out:
More than 1,958 people on the Gawker list used the word "password" as their password. Several people use the same e-mail addresses, usernames and passwords across multiple social media sites as well as their work e-mail accounts. Exploiting these sorts of vulnerabilities is common practice.
The attack allegedly occurred because of "an on-going online war of egos between members of 4Chan, an anonymous content uploading and collaborative site; the Anonymous group, who have recently begun attacking websites; and [Gawker founder Nick] Denton and his staff."
If you had an account on any of the Gawker websites (Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot), here's information on what to do.