Gawker Media Inc. is urging subscribers to change their passwords because someone has managed to hack into the company's user database.
The company, which runs a series of irreverent blogs on media, technology and other issues, said in a posting on its website Sunday that the commenting passwords used on the sites were encrypted, but simple ones could be vulnerable to attacks by hackers' computers.
The company also said passwords on other sites should be changed if they were the same as the ones stored by Gawker Media.
"We're deeply embarrassed by this breach," the posting on gawker.com said. "We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems."
Millions of people are likely affected by the breach because of the popularity of Gawker's sites such as Gizmodo, a tech gadget news site, said Rich Mogull, CEO of Phoenix-based Securosis, a security research firm.
The damage should be minimal, though, because Gawker probably stored only e-mails, user names and passwords, Mogull said. The problem comes if people use the same passwords on other sites, such as online banking. The hackers likely were able to figure out easy passwords even though they were protected on the Gawker site by a simple algorithm, and could use them to access bank accounts, Mogull said.
The hackers could be upset about something written on one of Gawker's sites, or they could be doing it for bragging rights, Mogull said.
"It's kind of a juvenile thing. It's like spray-painting," he said.
Such attacks are very common and difficult to stop, as long as the hackers have enough time to try to breach the system, he said. "If someone is determined and knowledgeable, you can't keep them out," he said.
The attacks probably are unrelated to recent cyberspace attacks over the WikiLeaks site's release of classified government documents, but Gawker could have angered some of the same people, Mogull said.
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου