Between the Lines

Larry Dignan, Andrew Nusca and Rachel King

Your Gawker password hacked? Some of you deserve it

By | December 14, 2010, 9:54am PST

Gawker comment passwords were hacked over the weekend and judging from the idiotic selections from some users they had a security breach coming anyway.

The Wall Street Journal’s Digits blog rounded up the top 50 Gawker media passwords. Here’s the recap:

  • More than 3,000 people had “123456” as a password.
  • Nearly 2,000 people had “password” as a password.
  • More than 1,000 folks had “12345678” as a password.

Other gems included “qwerty,” “abc123” and “111111.” Let’s get real here. If you selected those passwords YOU DESERVE TO GET HACKED!

Memo to anyone creating a password. Capital letters are good. Symbols are good. And numbers can’t hurt either. Never—ever—use password as a password.

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic.

Disclosure

Larry Dignan

Larry Dignan has nothing to disclose. He doesn’t hold investments in the technology companies he covers.

Biography

Larry Dignan

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CNET News.com. Larry has covered the technology and financial services industry since 1995, publishing articles in WallStreetWeek.com, Inter@ctive Week, The New York Times, and Financial Planning magazine. He's a graduate of the Columbia School of Journalism and the University of Delaware.

For daily updates, follow Larry on Twitter.


RE: Your Gawker password hacked? Some of you deserve it
birumut Updated - 17th Jun
Great!!! thanks for sharing this information to us!
sesli sohbet sesli chat
0 Votes
+ -
Do they really deserve to get hacked or do they just not know any better?
@Loverock Davidson

I have to agree with you LR. Most of the people coming to this site likely know how important a reasonably strong (at least) password is. Tools like Lastpass that everyone should have aren't exactly user friendly, i.e. with password generation. But because many computer users are ignorant about this stuff, they'll miss out, and simply use something that they'll remember.

For most, the threat of being hacked does not seem all that real. Kinda like how many people feel about leaving valuable items visibly displayed in their cars with the door locked, and then come to find their window broken and item(s) taken.
@PlayFair

Interesting thing is that Film/TV production insurance used to cover equipment everywhere except left in a locked vehicle. So if you left equipment in the middle of the park it was insured, but in a locked car it wasn't! Shows where things get stolen from!
0 Votes
+ -
It's just a question of risk...
johnmckay 15th Dec 2010
@PlayFair

And maybe folk decided that there's little risk at Gawker.. not as if its holding cash. We'd all be idiots to think that these folk do this for ALL their passwords. Give them some credit.

Anyway... it's difficult to maintain passwords these days. Most folk write them down in case they forget. How many of you clever folk write your complex passwords down? Eh... who's the idiot now???
0 Votes
+ -
@GetReal-mac.com

I keep my passwords in an encrypted database... happy
@Loverock Davidson

You are right - they just don't know better.

And besides the best password is 0000 - that is why phones use it as the default password, everyone should use that happy
0 Votes
+ -
So I guess comparing people to idiots and then condescending them in capital letters now passes for professionalism.... Wrong side of the bed today, Larry?
0 Votes
+ -
Some people just may be naive and not understand the implications of using a simple password. To say they deserve grief is just mean.
0 Votes
+ -
@alsw
I agree. To assume that a new person to the 'net is instantly as knowledgeable as the author (or any one of several other reasons that are viable) is complete and total ignorance.
Big complaint - too many enforced password format restrictions.

How many of us keep a "list" because we have too many different passwords?

Be nice if all sites/systems allowed lcase, ucase, number and symbol......

oh well..... chuckle
@zenwalker

Exactly... I find too many services that won't accept symbols or have a restriction in length to 10 characters. It forces you to maintain at least two strong passwords at the same time. This gets complicated if you change them every 90 days, especially as you get older.
0 Votes
+ -
RE: Your Gawker password hacked? Some of you deserve it
richardw66 Updated - 15th Dec 2010
@Bookmark71

Actually can anyone explain how changing case makes it harder for an automated attack?

Or for that matter does a short password get broken faster than a long one these days, when most attacks are dictionary attacks?

Surely the short password is only more secure against an attack that goes through every combination of symbols starting with one character then increasing, and then it only saves time?

And mixing letters and numbers prevents what? a dictionary attack only? As does case changes?

A 5 character password is a 10 character password with the last 5 characters being NULLs.

A letter and number password with upper and lower case has less possible combinations than a password that allows all upper or all lower or letters only - forcing any option is in fact limiting the possibilities.

So really all you are doing is making dumb guesses harder - and maybe fooling with the minds of the less mathematically able hacker!

I suppose you are making the stupid user not just do something simple and stupid - but you are not making the more knowledgeable user create a more secure password by enforcing the rules.

The guides that give you a strength rating on your password are not really true at all.

hlp - is as strong as Axe12mz27 - unless the password is limited to 3 characters, but hello is not strong.

I am not saying that everyone should use short passwords - just that some of the logic is based on a cultural assumption and not the maths involved.
0 Votes
+ -
@richardw66
You wrote: A letter and number password with upper and lower case has less possible combinations than a password that allows all upper or all lower or letters only - forcing any option is in fact limiting the possibilities.

Based upon that statement alone, you need to go back to school and relearn your basic combination and permutation math. Then come back and make an educated post. Try this simple site: http://www.mathsisfun.com/combinatorics/combinations-permutations.html
@David A Pimentel

His math is right. Let's simplify this with a password that has two "characters". In the first case they can be letters or numbers. That provides 62×62 or 3844 possibilities. If one character *has* to be a digit, there are now 62×10 or 620 possibilities.
0 Votes
+ -
Of course, maybe a bunch of people aren't really that fussed about their security on Gawker because it doesn't contain any relevant information. My password here is probably pretty guessable for people that know me, but there's no information of any use to anyone in my account details and the email address I used for registration is just a spam catcher.
0 Votes
+ -
@OffsideInVancouver Exactly, apparently my Gawker password was compromised meh? I quite frankly didn't know I had an account there, I don't use the site/sites associated or care much about it so big deal... If I created an account to comment there with such a useless password (as I did) then my username would have been just as bland and not related to me.
0 Votes
+ -
I notice a total lack of condemnation of the hackers
Palmetto_CharlieSpencer 14th Dec 2010
How about placing at least some of the blame where it's REALLY due?
@Palmetto Actually, it should be blamed on Gawker; had they hashed the passwords, the list wouldn't have been exposed.
0 Votes
+ -
@snoop0x7b - They did hash the passwords. I downloaded the files to see if my password was in the clear and it very obviously wasn't.

And I do use rather complex passwords, but regardless I changed it to something new when I got the news of the hack.
@Palmetto This article isn't about the hackers, it's about password strength. The hacker article was yesterday.
@Palmetto Usually I agree with you, but that is a separate post. This one is about people who shouldn't be using computers unsupervised.
0 Votes
+ -
Where is the condemnation of the hackers? Given your logic if I don't have fortress type security on my home and someone breaks in I'm the one at fault and not the burglar? How about giving some thought before you write a column, unless of course your goal is to just to get responses like mine.
0 Votes
+ -
Staff
@mahalotm OK OK, I'm a tad grumpy perhaps, but having a password like "password" is like leaving your front door open, posting a sign that says take whatever you want from my house and then bitching when all your valuables are swiped.
0 Votes
+ -
Grumpy or not
archangel9999 15th Dec 2010
@Larry Dignan You've got it wrong - it may be like leaving your front door unlocked but hardly open with a big sign as you suggest

And even leaving your door unlocked does not absolve the criminal who decides to take advantage and enter - something you don't even mention amid your condemnations and justification of the crime

Perhaps you should look in the mirror if you're seeking someone to call an idiot
0 Votes
+ -
Who cares, Larry...
search & destroy Updated - 15th Dec 2010
The only one I posted in was the Lifehacker website using a toss-away email address and 1-2-3 password. Big freakin' deal.

The only real idiots were the ones who put valuable information into their accounts.

Some people don't have a clue about surfing the internet anonymously. Their stupid lives have to be an open book for everyone else to see out there. You get hacked while putting personal information in there like that, you get what you deserve. Poo-poo tough.
0 Votes
+ -
sorry
oncall Updated - 14th Dec 2010
duplicate
0 Votes
+ -
You know what happens next
oncall 14th Dec 2010
You called it the "wild west" except it contains access to most people financial lives now. Then blame the bystanders when they were just going about their lives unaware of the gunfight outside. Those "users" are going to start demanding their government take action to "protect us all". Just saying, don't be surprised when it happens.
0 Votes
+ -
perhaps people use a simple password so they don't have to keep a list. to use an analogy like yours: I keep my Mercedes locked, it has a sidewinder key that would cost several hundred dollars to duplicate and is near impossible to pick. My beat up old Jeep with no top, emergency plates and painted bright orange is unlocked so if someone is stupid enough to take it they can get on the road where my cop buddies can find them. It's all about priorities, why lock the empty car if all you are worried about is thieves.
@gpend oh and for the admins out there, quit complaining about our passwords while requiring us to use e-mails as usernames... just as this site does.
@gpend

Or do what I did - I was sick of my van door locks being twisted with a screwdriver - so I disconnected the rods from the key barrel to the lock.

This way the would-be thieves would turn the barrel as much as they liked and nothing!! - so that would keep them busy in the hope someone might see them trying.
0 Votes
+ -
Not an important website
zmud 15th Dec 2010
Everybody requires a password these days
It shouldn't need a password to start with
so what if my Gawker account gets hacked
0 Votes
+ -
Who cares?
jonc2011 15th Dec 2010
I don't care if some d__khead wants to hack into my Gawker account (if I had one) - what is he going to achieve - sfa. As long as my email and bank accounts are well protected, I don't really give a toss, so use simple passwords - though not 123456 certainly.
I know a guy who is retiring next year that occasionally taps me for technical help with his computers, he owns several businesses, is worth more than a couple of million dollars and uses the password "user" on everything, because he "can't" remember the password if it is anything else. when forced to use something longer he just puts his initials and BD.
0 Votes
+ -
I think we all deserve for our security to be treated more seriously... WTF Gawker, don't know how to hash a password? It's really easy:

sha256(password + salt);

I'm constantly appalled that so many sites that have user login do NOT hash their passwords. Isn't that the thing that every introduction to web programming tells you to do? I mean yeah your users shouldn't share passwords amongst sites, but seriously, WTF Gawker.


Where are the other people attacking Gawker on this one?
So applications should not allow users to choose these daft passwords. They should enforce a minimum standard, and display a 'strength' indicator.

The idea suggested in some places that one should have a different password for every site is ludicrous. Who can remember 40-odd different passwords? You'd end up writing them down or sticking them in a file - both stupid things to do!
0 Votes
+ -
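The comment above sketches password storage as sha256(password + salt). The following is an added example, not code from the commenter or from Gawker: it implements that salted SHA-256 scheme next to the standard-library PBKDF2-HMAC-SHA256 variant that is the usual recommendation, because a plain SHA-256 is fast enough that leaked hashes can still be guessed offline at high speed. The salt length, iteration count and the "pbkdf2_sha256$..." storage format are assumptions for this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example, not any site's real settings.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def naive_salted_sha256(password, salt):
    """The scheme the comment sketches: sha256(password + salt).
    Far better than storing plaintext, and the salt stops one rainbow table
    covering every user, but SHA-256 is fast, so offline guessing stays cheap."""
    return hashlib.sha256(password.encode("utf-8") + salt).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated hash with PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac).
    Returns a self-describing string so the parameters can be raised later
    without breaking verification of older records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the salt and iteration count stored in the record and
    compare in constant time so timing does not leak how much matched."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def demo():
    """Two users who both pick '123456' still get different stored values,
    and only the right password verifies."""
    a = hash_password("123456")
    b = hash_password("123456")
    return {
        "same_password_different_hashes": a != b,
        "correct_verifies": verify_password("123456", a),
        "wrong_rejected": not verify_password("password", a),
    }


if __name__ == "__main__":
    print(demo())
```

The per-user salt is what keeps the Gawker-style dump from being cracked once for everyone; the iteration count is what makes each guess expensive. Neither helps a user whose password is literally "password", which is the article's point, but a slow salted hash is the part the site controls.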
The problem is with understanding, not all users are Geeks and therefore do not realize how important a good password is. If you look at it many people have never had true, proper training in how to use an internet enabled computer in a safe manner. We teach home ec in school along with shop and other trade/arts/crafts like skills or trades that people engage in on a regular basis. Yet what do we do about educating people on computer use especially on the net? They do have some classes but unless you went to school in the past 5 years you probably have had no formal training outside of what you've done yourself.

And so the most widely used skill in the world, accessing the internet or web based apps/systems over the global network known as the internet, has never been taught to most users who left school more than 5 years ago.

I am no fan of licensing internet access b/c we have far too many restrictions of freedom as it is but we do need to better educate people in general about computer use and we better do it soon b/c computers are NOT going away nor is the web.
you know, it is very possible that a good number of accounts using those passwords are actually 'multi' accounts set up by people who do know better, with the accounts only being used once or twice for stuff like posting an anonymous comment. I'd be more interested in the numbers if there was an idea on how much usage accounts with those passwords actually had, because really, in the scope of how many total accounts there are, a few thousand simple passwords isn't much.
It's freaking Gawker, folks! Who needs a secure password for Gawker?

Now if it was your credit union password, sure, it better be secure.
0 Votes
+ -
NO ONE "deserves" to be hacked! NO ONE should be chased away from an informative site, as this one is sometimes. NO ONE looks down on those less experienced and expects favor for it.
There is data in that article that could have turned it into an interesting read for the experienced, and a learning spot for those still not aware of the valuable information you could have passed on. As soon as you condescend you lose credibility in the eyes of the newer less experienced people plus myself.
0 Votes
+ -
Do away with passwords altogether
semmerling@... Updated - 17th Dec 2010
As long as users ( human beings ) are allowed to pick their password..you'll have dumb passwords.

OK..."force" them, programmatically, to make it tough...well...then they'll write it down somewhere.

Bring on the biometrics...scan my finger, eye, hand, face....whatever...just don't make me remember or change another freakin' password....

To steal a quote from the 6million dollar man..."We have the technology..."
0 Votes
+ -