Gawker Media Security Breach

Gawker Media has experienced a data confidentiality breach that has disclosed passwords on all Gawker Media sites including Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, and Deadspin.

If you have an account at a Gawker website, you should change the password immediately.   If you use the same password on other websites those passwords should be changed as well.

Be aware of phishing schemes pretending to be security announcements about this event.  To change your password use a known valid URL to visit the website, log into your account and change the password.   Do no click on a URL in an email.

If a username/password combination used at gawker were also used with your ISP webmail account, an attacker could then log into your mailbox to find additional passwords.   An attacker could request a password reset, which would be mailed to that mailbox allowing him/her to access more highly valued accounts.  

Many of the compromised accounts belonged to Government employees.   Employees are reminded that accounts are for business use.  Personal accounts should be used when registering at shopping and other non-business websites.

From time to time, website account databases are compromised.     You can protect yourself by using different passwords for each remote websites   Password managers such as LastPass can be used so you don’t have to remember each password.

For more information on this Gawker breach see a writeup in Forbes