http://gawker.com/5712615/commenting-accounts-compromised-++-change-your-passwords

Quote:

Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords. We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us. For tips on creating strong passwords, see this post on Lifehacker. To change your password on Gawker, click your username at the top of the page and choose the "Password" link towards the middle of the next page.

In other words, change your password if you registered with them.

In addition... what the fuck. Why would such a big company treat our credentials so poorly?

I don't know if this will impact Facebook Connect users.

Incase anyone was unaware, the following sites all use the same set of credentials:

gizmodo.com, kotaku.com, lifehacker.com, gawker.com, jezebel.com, io9.com, jalopnik.com, deadspin.com

If you have an account at any of those sites, it was compromised.

Knyte wrote:

What info do I need to protect exactly? If I recall correctly, when I signed up with Kotaku, I picked a user name, a password, and gave them my e-mail address. That's it. It's not exactly sensitive info like home address, phone number, etc.

If you were smart enough to use a unique password for Kotaku, one that is used no where else on the web, then you should change the password on Kotaku and you have nothing else to worry about.

The hackers were able to find the following information:
* Email Address
* Password
* Username

Many people use the same credentials across multiple accounts on the web. This is a bad idea, but so is doing drugs... doesn't seem to stop people.

The most common hack that could be used is the combination of the email address and password to login to a person's email account. If that email account was used to register other sites, it could be used to steal a person's identity.

This is all contingent on the concept that people, in general, are not wise enough to use different passwords all over the web.

Knyte, if I had to bet, I would guess that you are probably safe because you are alert and aware of these concepts. I would however assume that at least 80% of the Sydlexia.com population would use the same password for this website as they would on Kotaku and their email.

Updated Post: http://lifehacker.com/5712785/

So... was your account hacked?

Lets find out:

1. First go to this website and get the MD5 hash of your full email address:
* http://pajhome.org.uk/crypt/md5/
* Just type your full email address into the input and click the MD5 button.
* Copy the MD5 hash

2. Go to this website:
* http://www.google.com/fusiontables/DataSource?dsrcid=350662
* In the view menu select "Filter"
* Switch the dropdown from Domain to MD5
* Paste the MD5 hash from step 1 into the blank text box to the right of the =
* Click the Apply button

3. Did your domain pop up? Yes? Well you were hacked.

Yeah... there are two listings for Sydlexia.com

Optimist With Doubts wrote:

Well I guess thank goodness for the awkward inconsistent facebook connect.

For its messy implementations all over the web, it does have some advantages.