More than 1.3 million user id and passwords from Gawker Media have been compromised after a hacker attack. The websites affected include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot. These are websites that requires user to register an account before commenting.
If you have an account with any of the Gawker website, then your user id and password is most likely compromised. Those using Facebook Connect are safe.
Here’s the problem. If you one of those who re-use your passwords across several websites login, you might want to go change all your passwords NOW. A recent spam attack on Twitter is linked to the Gawker password leak. It appears that the spammers used the leaked Gawker password and tried to login on Twitter. Those who use the same passwords for both Twitter and Gawker websites are hit. And we can be pretty sure there will be more such attack happening over the next few days across different sites. So change all your password.
ComputerWorld posted a useful guide on how to check if your account is affected by the leak. To be safe, I suggest that you do a quick check just in case.
Step 1: Go to http://pajhome.org.uk/crypt/md5/, enter an e-mail address in the ‘Input’ field, click the ‘MD5’ button, then copy the hash from the ‘Result’ field.
Step 2: Go to http://www.google.com/fusiontables/DataSource?dsrcid=350662, click ‘Show Options,’ then paste the already-obtained hash in the field to the right of the ‘=’ symbol. Change the left-most field to ‘MD5.’ Click ‘Apply.’
If the e-mail address is among those compromised, the search will show a result.
The best way to protect yourself is to have a unique password for all accounts you have.