Gawker was hacked six months ago, say sources close to Gnosis
http://www.guardian.co.uk/technology/2010/dec/29/gawker-hacking-gnosis-six-months

By Charles Arthur
guardian.co.uk
29 December 2010

Hackers had access to the gossip site Gawker's content management system (CMS) and password files for around six months, rather than the few days suggested by the company, the Guardian has learnt from sources connected to the break-in.

That contradicts the indications given by Gawker in public statements, such as an email sent out on 17 December by Thomas Plunkett, Gawker's chief technology officer, in which he suggested that the hackers only had access "briefly" to the site: "Gawker Media servers and some company email accounts were compromised by hackers at some time during the last few weeks; the compromise was made public to us (and everyone else) this past weekend," Plunkett wrote in an internal memo which was reposted on the Poynter.org website.

The hacking of Gawker and its associated sites led to the usernames, email addresses and passwords of 1.3 million registered users of the sites being made available, among them those for Gawker staff including its chief Nick Denton. The hackers discovered Denton had used the same password for Gawker and for other sites such as Campfire, used by his company to coordinate its work. That allowed them to access those sites and find sensitive details including chats between members of the company.

Sources close to the hacking group Gnosis, which carried out the attack, have told the Guardian that they obtained access to Gawker's server by using a "local file inclusion" (LFI) weakness. Gawker has not previously said whether the access was via a weakness in the Gawker site, via a staff member's password, or some other means.

[...]