Passwords: Convenient often = compromised…

Did I get Gawkered?

Here is a head’s up in two ways…

This weekend we discovered that Gawker Media’s servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you’re a commenter on any of our sites, you probably have several questions.

via FAQ: Compromised Commenting Accounts on Gawker Media.

These usernames/ email addresses and passwords were then made available on the internet.  So, if you have commented or registered with a Gawker Media site, the username, and/or email address used AND the password may have been compromised.  To be safe, change your password at any of the Gawker sites.  Additionally, look to change ANY other account that may be using those same credentials. Think about bank accounts, email accounts, insurance, etc… the compromised username/email addresses and passwords could easily be used to to penetrate other sites and accounts.

One of the security companies that has been investigating and going through the compromised information has created a way to easily see if your specific information was stolen and released. Duo Security, one of the companies reviewing the compromised data, found additional nuggets of information:

The top 25 passwords as ranked by Duo ranged from the absurdly easy-to-guess to the unintentionally hilarious, with [first place is “12345” and second place is “password” itself] “12345678” in third place, “monkey” in seventh, “letmein” in tenth, and “trustno1” — a reference to the “Trust No One” expression popularized by the TV series “The X-Files” — in thirteenth.

via Gawker hack analysis reveals incredibly weak passwords | Topics | Macworld.

The convenience of “easy” passwords should be (must be) weighed against the very really possibility that username and passwords easily guessed or compromised can and WILL be used against you on other sites.  While many think, “oh, it is not a big deal, I have nothing on that site that matters…” that may be true for THAT site… the question to ask yourself is what OTHER sites are leveraging those same credentials? We lock our cars, we lock our homes, we lock our offices, desks, and bicycles… Why make it easy for someone we have never met, who is possible across the world, to have access to our digital presence…

I wrote about this in the past, and I am sure that I will be writing about it again in the future. The moral of the story: Change Your Passwords!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s