We’re still in the early to middle stages of the fallout from the attack on Gawker sites yesterday. But the hackers released a file with what they *claim* were the logins and passwords of 21 past and present Gawker staff, which altogether appear pretty weak.
Any valid passwords have been changed by now and the list is available publicly. So we’re reproducing it here:
Alex Pareene: kavan1
Choira Sicha: arthur
Richard Lawson: bambola
John Cook: freddy
Whitney Jefferson: tilden
Nick Denton: 24862486
And more (username, password, email address):
jesseo ::: jesseo1 ::: email@example.com
peti ::: almafa ::: firstname.lastname@example.org
nayab_098 ::: connecti ::: email@example.com
nunzilla ::: boeing ::: firstname.lastname@example.org
rlawson ::: bambola ::: email@example.com
Lodwicktologist ::: lauren ::: firstname.lastname@example.org
a_OK ::: okies ::: email@example.com
CarolineG ::: dratini ::: firstname.lastname@example.org
nicola3 ::: cheesies ::: email@example.com
whitneytilden ::: tilden ::: firstname.lastname@example.org
katemax ::: newyork ::: email@example.com
JaneLevin ::: sparkle ::: firstname.lastname@example.org
mgnyc ::: louise ::: email@example.com
saortega ::: capecod ::: firstname.lastname@example.org
Sposts ::: amads ::: email@example.com
Almost all the passwords are letters-only, all are lower case, and marketing manager Jane Levin’s would have been susceptible to a dictionary attack, in which hackers try every word in the dictionary.
Should have read that helpful Lifehacker post, guys.
Check out the slideshow of our favorite tweets about Gawker, the attack and hubris here.
ajeffries [at] observer.com | @adrjeffries