Lifehacker Australia Unaffected By US Hacks

It's been in the news that Gawker in the US was hacked recently. We'd like to reassure local readers that the Australian edition sites are run on entirely separate infrastructure. AU versions of Gizmodo, Lifehacker, and Kotaku are unaffected. UPDATE: To clarify, if you have ever signed up to a US version (.com) Gawker site, you should assess whether you have been compromised. This US Lifehacker FAQ has all the details.


Comments

    Some readers (myself included) may have had accounts from before the AU splinter site started. Those old accounts are still over there and were compromised. If you're a long time follower of any Gawker site, best to change some passwords still.

    oh good - thanks for letting us know that guys, I wasn't sure what to do as I don't think I even use a password here.

    My password was released :(

    Discovered my email had been logged into and then received an email from some friendly hacking group saying that they were emailing me, because Gawker hadn't, to inform me that my password had been released.

    Guess I posted on the US website at some point in time.

    Weren't the comments on the 2 sites linked at some point in time? If I made a comment at that point in time would I have my details in the leaked database of passwords?

      At times, US comments have been fed through on the AU site, but we've never had our own password-based system and have never fed local comments back to the US. So no - the only way your details would be in the Gawker database was if you signed up to comment on one of the US sites.

    It puzzles me why the password would be in clear text in the database rather than a hash to protect those stupid enough (like me) to use the same password in multiple places.

      Erm, they weren't stored as clear text, they were stored under MD5 encryption, which is one of the easiest to crack (google MD5 decrypt), millions of online tools that simply dictionary attack the hash. It is not very secure at all.

      It's common practice to only store a hash digest of the password in the database, not the password in plain text.

      That being said, a weak password can still be derived from a hash digest using a rainbow table, but this is easily protected by salting the hash before it's stored.

      This is all very basic security, so I don't know what's happened in this case but it sounds like Lifehacker US have a wake up call to shape up!

      The password was not stored in clear text. They are in hash form but hashes can be brute forced which is what has happened here. If they have a copy of the data they can brute force it at their leisure.

    For those wondering if their Lifehacker US pw is compromised, check here
    http://www.labnol.org/internet/check-gawker-email-database/18341/

    Pretty sure they were encrypted but not particularly well encrypted.

    I got scared because I got an e-mail from gawker telling me to change my password.. I clicked the forgot password, turns out I never made an account there with my email but someone else did! Poor Gawker/users.

    This is the third major website this week that has told me that they were hacked... Probably a coincidence, but still...

      They're stealing the internet!

      http://www.penny-arcade.com/comic/2007/7/16/brains-with-urgent-appointments/

    I got an email from Gawker advising that I am associated with a media user account - it went to my spam box so I'm not clicking any links, but using the check widgets on the Lifehacker FAQ shows a big NO - is it possible, because .au-based Lifehacker requires using an email address to post a comment, that Gawker are sending notifications out to all email addys associated with all sites regardless of whether an account was created or not?

      Hi Sarah, Short answer is no - Gawker have been contacting users on its registered user lists, not using other sources of data.
