Lifehacker Hack, What You Need To Do Right Now
You may have already read on other sites that Lifehacker and other Gawker Media properties were compromised. That's bad enough for the company and the web properties it owns, but also for users of the sites. Users needed to create an account at Lifehacker and the other sites before they could comment. Those who were using Facebook Connect were not affected by the hack; for every other user there is a chance that their login information was indeed compromised.
According to information posted on Mediaite, nearly 1.25 million user accounts were dumped from the databases by a group called Gnosis. The group is currently cracking the database and seems to have managed to retrieve 273k passwords so far, some of which are linked to government sites.
The group promised to release the full site source code and the full database dump in the coming days. They have already released a partial dump. A total of 2650 users in the database were using the password "password" or "qwerty", two of the most insecure passwords ever. Of those users, one had a .gov, three a .mil and 52 an .edu email address.
Now, what do users who had an account over at Lifehacker need to do? They need to assume that their account was hacked along with the others, and that the attackers were able to crack the password.
The first step is to change the password at the Gawker Media site. That's all that is needed if the username / password combination was only used on that one site. Problems arise for users who use the same username and password combination on all of their web accounts. These users need to change the password on all of their accounts.
Our tip: Install a password manager like LastPass that can help generate secure passwords and store them. It is imperative to use a username / password combination only once on the web.