Following a security breach at Gawker Media, computer users who have left comments on websites such as Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot are being advised to change their passwords as a matter of priority.
In a statement published on their websites, the media group said:
We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security - and of trust. We're working around the clock to ensure our security (and our commenters' account security) moving forward.
If you've registered an account on any Gawker Media web site (that includes Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, or Fleshbot), and you didn't log in using Facebook Connect, then it's best to assume that your username and password were included among the leaked data.
Up to 1.3 million passwords are said to have been stolen from the websites by a hacking group calling itself Gnosis. The grabbed credentials were then posted up on Pirate Bay, allowing others – potentially – to compromise accounts.
Further details about how to proceed are available in their FAQ on the subject. If you’ve commented on the above list of websites I would recommend that you check out the FAQ as a matter of priority to ensure that your other online accounts are safe.
So, time to learn two important lessons. Never use the same password on multiple websites and – when changing your password in situations like this – make sure that it’s not a dictionary word that is easy for hackers to crack.
Update: The security breach has been implicated in a widespread Acai Berry spam attack which has hit Twitter users hard, emphasising the need to use different passwords on different websites.