Gawker.com and a range of other websites run by Gawker Media suffered breaches by hackers over the weekend, and the effects are spreading to Twitter.
The attacks caused the sites connected to Gawker Media to stop publishing any new material and led to Gawker encouraging users to change their passwords.
The security breach is rather embarrassing for Gawker, which admitted that its databases hold information on approximately one million registered users from sites such as Gizmodo and Jezebel, writes the WSJ (subscription). Deadspin, io9, Jalopnik, Kotaku, and Lifehacker were also believed to have been hit, according to recent tweets.
“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords,” said the statement.
With Gawker having repeatedly highlighted the security shortcomings of other websites, its own failure has prompted a swift climbdown on the subject.
“We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”
Although so far no one has taken responsibility for the successful attacks, the word going around Twitter is that 4Chan could be the source of the attacks.
Now it is believed that hackers are using Gawker forum passwords to access Twitter accounts to spread the ‘acai berry’ spam attack linked to an advert, which is reportedly causing problems with tens of thousands of accounts today.
Twitter’s official support page says: “The “acai berry” spam attack looks to be connected w/ the Gawker hack rather than a worm.” It urges users with Gawker accounts to change passwords.
Meanwhile Jeff Atwood, or @codinghorror, says “do not taunt 4Chan, ever” – though the Pastebin link appears to be dead.