[Alert] Gawker’s Source Code & 1.4 Million Users Database is on Torrent for Download


I read somewhere a long time back that the Internet is a write-only medium, i.e. you cannot delete anything once it goes on the web!

Unfortunately, for Gawker Media’s more than 1,400,000 registered users, the above statement seems to be coming true.

If you search for the “gawker” keyword on any top torrent-search engine, you will see a list of torrents with all the leaked data. Though such torrents are getting deleted by torrent sites, new torrents with the same content are coming up much faster.

So what does this hacked stuff contain?

It contains the source code of Gawker Media’s blogging platform (I personally am not interested in its code, as I always believed they should have moved to WordPress a long time back!)

It contains a database dump which includes user info, including encrypted passwords. As the passwords are encrypted, you may feel safe.

The reason for putting emphasis on the word “may” is that I am yet to check Gawker’s code to see how the passwords were encrypted. But if they were really “encrypted” and not “hashed” in pure technical terms, they can be decrypted. Also, if they are hashed using simple MD5, without any cryptographic salt, they are vulnerable to attack using widespread techniques like rainbow tables.

Update: The torrent I downloaded contains the decrypted passwords of the entire Gawker Media staff. This surely means our passwords can very well be decrypted!
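An added example (not from the original post and not Gawker's code) of the hashing point above: with unsalted MD5, every user who picked the same password gets the same stored digest, which is what lets one precomputed table cover a whole dump, while a per-user salt with a slow KDF removes that property. The account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def md5_unsalted(password):
    """Weak scheme described in the text: plain MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digest_groups(stored):
    """Audit helper: groups of users whose stored digests are identical.

    Any non-empty result means equal passwords map to equal digests,
    i.e. the scheme is unsalted and open to precomputed lookups.
    """
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts (not taken from any leak).
SAMPLE = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    unsalted = {u: md5_unsalted(p) for u, p in SAMPLE.items()}
    salted = {u: hash_salted(p)[1] for u, p in SAMPLE.items()}
    print("unsalted MD5 duplicates:", shared_digest_groups(unsalted))
    print("salted PBKDF2 duplicates:", shared_digest_groups(salted))
```

Running the same duplicate-digest audit over a real credential table is a quick way to tell whether its hashes were salted at all.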

Do we need to worry?

One word answer is – Yes!

Considering the overall panic around us, it seems that user passwords could be recovered. LinkedIn forcing its users to reset their passwords, limited to users who were part of the 1.4 million leaked database, could be viewed as a proactive security measure or simply as their figuring out the worst that could happen!

My next line could be considered an overstatement, but developers who work on closed-source systems often rely more on the “closed” nature of the code for security rather than making the effort to use the best cryptographic techniques. So I really won’t be surprised if a hacker managed to decrypt at least some of the passwords from Gawker’s leaked database.


4 Comments

Jagan Mangat December 16, 2010

That is seriously ridiculous. It’s like trusted sites putting the user’s trust on sale.

Rahul Bansal December 16, 2010

@Jagan
I guess the Gawker team overestimated their security.
Their weak password encryption usage shows that only.

Jagan Mangat December 16, 2010

Yes you are true.

Balaji December 16, 2010

Big guys suck at times