Monday, December 13, 2010

Gawker breached prior to Nov 8th.

So normally, I'd not jump on the sky-is-falling bandwagon. Really all you can do is change your password everywhere, and then move on.

I have a Gawker account for Lifehacker. I also tend to forget my Gawker password a lot, since I don't leave many comments at LH. So, since I tend to forget it, I just leave it the temp password they send me, and get it reset when I need to.

I saw this tweet from @0ph3lia on Twitter tonight:

RT @georgevhulme: RT @headhntr: Gawker source code and database on The Pirate Bay - http://thepiratebay.org/torrent/6034669

I figured what the hell, I'll get the file, see if I'm in it, and what my password is. My password wasn't in the parse_db.txt file, so for fun, I ran John the Ripper against my hash. I'm still learning the tricks with JtR.

The first thing I noticed is that there are 2 hashes for me in the full db text file.

username ::: oKIw1WwUpNP3E ::: $2a$10$f42plGhxPm5Xv1K37keWiO3onjZEfoFWCAIQRWPvYRW5.BZiZ5sCa ::: username@webemailprovider.com

The first one is DES, the second one is Blowfish.

I copied that into 2 files on my BT4r2 box, 1 for each hash. Then I created a password file with my saved password from Firefox, and the one from the most recent email I got from Gawker.

Neither password matched. So I went through my email archive and got every password reset email I still had from Gawker.

The password that worked was from September 4th 2009.

============================================
Email from 2009
============================================

Gawker Comments to me, 9/4/09

You (or someone you know) has requested that your username and password for Gawker Comments be emailed to you. For security purposes, your password has been reset.


Login: username

New Password: ZMvnRxw


============================================
Email from November 8th
============================================

noreply@gawker.com to me, Nov 8

You (or someone you know) has requested that your username and password for Gawker Comments be emailed to you. For security purposes, your password has been reset.


Login: username

New Password: Usql2Aw
----------------------------------------------

I know that I changed my password on 11/08/2010, as you can see from the emails. Since the files were using a password from before then, I know that the breach happened prior to 10:20 am on 11/08/2010.

Don't know if anyone else is really interested in that part.
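The dating argument above, as an added example that is not part of the original post: it parses the record in the `:::` format shown earlier, labels each hash by its shape, and turns the reset-email history into a time window for when the dump was taken. The function names are hypothetical, and the window assumes the reset emails supplied are the account's complete password history.

```python
import re
from datetime import datetime

# Traditional DES crypt(3): 2-char salt then 11 chars, alphabet ./0-9A-Za-z.
DES_RE = re.compile(r"^(?P<salt>[./0-9A-Za-z]{2})[./0-9A-Za-z]{11}$")
# bcrypt: $2a$-style prefix, 2-digit cost, 22-char salt, 31-char digest.
BCRYPT_RE = re.compile(
    r"^\$2[abxy]\$(?P<cost>\d{2})\$(?P<salt>[./0-9A-Za-z]{22})[./0-9A-Za-z]{31}$")

def classify(hash_text):
    """Identify the hash scheme from its shape alone (no cracking involved)."""
    m = DES_RE.match(hash_text)
    if m:
        # DES crypt only uses the first 8 characters of the password.
        return {"scheme": "des-crypt", "salt": m["salt"], "max_len": 8}
    m = BCRYPT_RE.match(hash_text)
    if m:
        return {"scheme": "bcrypt", "cost": int(m["cost"]), "salt": m["salt"]}
    return {"scheme": "unknown"}

def parse_record(line):
    """Split 'user ::: hash ::: hash ::: email' into labelled fields."""
    fields = [f.strip() for f in line.split(":::")]
    if len(fields) != 4:
        raise ValueError("expected 4 ':::'-separated fields")
    user, first, second, email = fields
    return {"user": user, "email": email,
            "hashes": [classify(first), classify(second)]}

def snapshot_window(history, matched_password):
    """Return (earliest, latest) bounds for when the dump was taken.

    history: (issued_at, password) pairs from the owner's reset emails.
    The dump holds `matched_password`, so it was taken after that password
    was issued and before the next reset replaced it (None = still current).
    """
    ordered = sorted(history)
    for i, (issued_at, password) in enumerate(ordered):
        if password == matched_password:
            replaced_at = ordered[i + 1][0] if i + 1 < len(ordered) else None
            return issued_at, replaced_at
    raise LookupError("matched password is not in the supplied history")

# Record and reset history as given in the post (time of day for 2009 unknown).
RECORD = ("username ::: oKIw1WwUpNP3E ::: "
          "$2a$10$f42plGhxPm5Xv1K37keWiO3onjZEfoFWCAIQRWPvYRW5.BZiZ5sCa"
          " ::: username@webemailprovider.com")
HISTORY = [(datetime(2010, 11, 8, 10, 20), "Usql2Aw"),
           (datetime(2009, 9, 4), "ZMvnRxw")]
```

`snapshot_window(HISTORY, "ZMvnRxw")` returns the 9/4/09 issue date as the lower bound and the 11/08/2010 10:20 reset as the upper bound, which is the window the post arrives at.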
