Hackers could use leaked Gawker info to attack government workers
Gawker apologized for the breach and urged users to change their passwords. If that password was used for accessing other sites or for other e-mail accounts, Gawker recommended that users change it for those destinations and accounts as well.
Hackers have already demonstrated that trying the leaked passwords works.
Earlier today, the head of Twitter's Trust and Safety team claimed that a spam campaign launched against users of the micro-blogging service had used Gawker account passwords to access Twitter accounts secured with the same passwords.
"Got a Gawker acct that shares a [password] w/your Twitter acct?" said Del Harvey in a Twitter message. "Change your Twitter [password]. A current attack appears to be due to the Gawker compromise."
Later Monday, she said, "The Gawker hack and resultant compromised passwords and e-mails bled over to Twitter."
One security expert said it is almost certain other attacks relying on the leaked e-mail addresses and passwords will follow.
"You can bet on it," said Andrew Storms, director of security operations with nCircle Security. "[Hackers] have already shown a propensity to use the data ... and there is no doubt it will be used again."
The problem, of course, stems from people using only a few distinct passwords for all the online accounts they accumulate, a fact that security professionals have repeatedly pointed out.
"I always tell people that with online services, the complexity of the password is not as important as the uniqueness," said Storms in an instant message interview. "Meaning to use different passwords for different sites [and not to use] your work e-mail [account]."
Storms urged government network administrators to take note of the leaked information, and reach out to their users.
"They should be using this warning in the [Anonymous] chat room about potential re-use of passwords as a chance to get out of cubeland and warn users," he said.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!