Gnosis hackers attacked Gawker

Hacking group Gnosis has claimed credit for the attack on Gawker Media that saw user account names and passwords stolen and plastered onto the web.

It appears the mischief makers were miffed at Gawker founder Nick Denton and his staff for attacking publicly dodgy messaging site 4Chan.

They were able to gain access to Gawker, and its affiliates Gizmodo, Kotaku, io9, Jezebel, Jalopnik, Deadspin and (cough!) Lifehacker nabbing the details of 1.3 million comment accounts, as well as Gawker staff account information, and internal company conversations.

The hack was accompanied by the message:

"Previous attacks against the target were mocked, so we came along and raised the bar a little.

F*ck you gawker, hows this for "script kids"?

Your empire has been compromised, Your servers, Your database's, Online accounts and source code have all be ripped to shreds! You wanted attention, well guess what, You've got it now!"

The accessing of commenters passwords on the site meant the hackers could have a field day on various other sites such as Twitter, since some users - including Denton himself - followed the common if dodgy practice of using the same password for multiple sites.

Gawker yesterday confessed it had been hacked: “We're deeply embarrassed by this breach,” the outfit said in a statement. “We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

In a post on Lifehacker explaining the breach, Gawker said: "Passwords in our database are encrypted (i.e., not stored in plain text), but they're still potentially vulnerable to hackers," Users are advised to "immediately change the password on your account, and if you used that password on any other web site, you should change your passwords on all of those accounts as well."

Passwords of users who logged in using Facebook Connect or Twitter weren't accessed as it didn't store them the red-faced firm said. But those like Denton who use the same password for multiple sites are advised to change theirs.

The hacked details were apparently lurking on the Pirate Bay, although the link we had to them no longer works.