Consider this a public service message: Hundreds of thousands of Twitter accounts have been compromised by hackers who are now using the victims’ accounts to tweet about the Acai Berry diet. The Twitter spam appears to be tied to this weekend’s attack on Gawker Media’s servers, home to popular weblogs like LifeHacker, Gizmodo, Gawker, io9, Jezebel, Kotaku and others.
Because so many people use the same username and password combination for different Web services, the Twitter spammers were able to use the email addresses and passwords retrieved from Gawker’s servers to take control of the Twitter accounts in question. No doubt this is only the beginning of the ramifications associated with this major security breach.
The Twitter spammers are not likely to be the same hackers as those who actually broke into Gawker Media’s Web servers. Instead, like most spammers, they’re opportunists.
?Over the weekend, up to 1.3 million passwords were stolen off of Gawker’s servers by a hacker group called Gnosis and then publicly shared on torrent site The Pirate Bay, for anyone and everyone to download.
?According to security firm Sophos, which spoke with Del Harvey, Twitter’s director of trust and safety, the spam messages about the Acai Berry diet appear to be posted from accounts where people were using the same username and password as they did on Gawker’s network.
?Clicking the spam links on Twitter will take you to a page where the diet solution is being sold.
Details of the Data Breach
The attack on Gawker was orchestrated by a group calling itself Gnosis, which at first appeared to be affiliated with 4chan. The 4chan site is the Internet imageboard where memes like Rickrolling and lolcats were born, and more notably, where members of the hacking group Anonymous are known to congregate. Anonymous is the group behind the vigilante-style Web attacks on companies and organizations that refused to support Wikileaks, including payment processors like MasterCard, Visa and PayPal, to name a few.
However, Gnosis claims to have no affiliation with either Anonymous or the 4chan board, according to the message text included in the password file dump posted online over the weekend.
That said, the attack seems to be associated with a previous feud between Gawker and 4Chan, according to Mediaite, which exchanged email with an individual claiming to part of the Gnosis-led hack. The anonymous person told Mediaite it was “arrogance” from Gawker management and staff with regard to the hacker community that prompted the attack.
Now victims of the attack – Gawker commenters – have had their emails and passwords shared publicly with anyone who cares to download them. Simply changing your password on Gawker blog sites is not enough. Most people tend to use the same username and password combination everywhere on the Web, meaning this hack gives the attackers, and now anyone else, access to Twitter accounts, Facebook accounts, webmail accounts, online banking accounts and anything else where that same username and password was used.
Victims should change their passwords immediately on any site where that email and password have been used.
Good Samaritans Warn Victims
Although Gawker itself hasn’t directly emailed its victims, an anonymous good samaritan and the “Team at Hint” have sent out emails warning of the breach.
The good samaritan who only signed his name as “Steve” sent the following email on Sunday:
You don’t know me. I’m nobody. My name is Steve. I came across a database dump from Gawker.com earlier this evening. It’s making its rounds around the internet. Besides just the code dump from gawker.com among other sites, it also contains email addresses and passwords for over 1.3 million accounts. I’m sending this email to the 200,000 or so people who’s passwords were included, in plain text, in this archive. I have your password. However, I have 0 interest in it. Obviously i’m anonymous so how can you trust me – you can’t. But trust me, if I had interest in your password, I wouldn’t be emailing you saying I have it. That’s just dumb. The reason I’m telling you this is because people all over the world, who aren’t like me, who won’t notify you, have it. They will use and abuse it. Change your gawker.com credentials. Now. MORE IMPORTANTLY, change passwords on other sites you visit that use the same one as your gawker.com/lifehacker.com/gizmodo.com login.
Let me put it this way – my login credentials were on that list. I’d want someone emailing me if I didn’t know better, which is why i’m doing this.
Best of luck!
Meanwhile, a second email from a stealthy startup called Hint send its own message:
Hi there,
Hint wanted to let you know that your email address and password that you used to signup for Gawker (or one of its sites) were hacked. Forbes’ coverage is here.
In situations like this, time is of the essence, which is why we were surprised & shocked to find that Gawker Media hadn’t taken the initiative to notify you of this privacy breach immediately. We HIGHLY recommend you change all of your online passwords as a precaution.
-The Team at Hint
(This is a one time email)
We’re not sure how we feel about Hint using the data breach as a marketing opportunity for its yet-to-launch service that only describes itself as “the place where opportunities and adventures find you.” But we imagine they were trying to do the right thing.
