Gawker security breach exposes 200,000 passwords

Consumer Reports News: December 13, 2010 12:48 PM

If you've ever posted a comment on a site belonging to the Gawker Media network (including such popular sites as Gawker, Gizmodo, and Lifehacker), change your password now. And while you're at it, change your passwords on Twitter, Facebook, Gmail, and any other sites where you may have used the same password as the one on your Gawker account. Then come back and read the rest of this post. We'll wait.

Why the urgency? Hackers who broke into Gawker's network may have already published your username, email address, and password on the Internet. Although Gawker encrypts its users' passwords, the hackers apparently decrypted the ones for the 200,000 accounts contained in the file.

The issue goes beyond Gawker's network, since many Internet users reuse the same username and password repeatedly. If you fall into that category, you need to change your password right away, and follow these guidelines when resetting it:

  • Use different passwords on each site.
  • Include caps, numbers and/or symbols.
  • Make it at least 6 characters.
  • Use the most secure option available on sites that store your financial information.
  • Don't use your name, street, or phone number.
  • Don't use common names or words. One indication of how many people use common words: Over 2,000 users in the list of compromised accounts used "password" as their password.
  • Remember it. One trick is to think of a phrase you won't forget, then gussy it up. For example, "I pledge allegiance to the flag" could be shortened to "ipattf". Then throw in some numbers and symbols.

If you try logging in to a site where you've used your Gawker password and find that you can't, that account may have already been breached. Contact the site immediately and let them know about the problem.

According to Gawker Media site Lifehacker, the company is "bringing in an independent security firm to improve security across our entire infrastructure. Additionally, we will continue to work with independent auditors to ensure we maintain a reliable level of security, as well as the processes necessary to ensure we maintain a safe environment for our commenters."

(Note: Our sister site, FAQ: Compromised Commenting Accounts on Gawker Media [Lifehacker]

Marc Perton
