Security experts are warning internet users to maintain different log-in credentials for different accounts, after news emerged that hundreds of thousands of Twitter accounts may have been compromised when Gawker Media’s web sites were hacked.
The media house, which owns sites such as Lifehacker, Gizmodo, Gawker and Jezebel, was hacked over the weekend, exposing the details of those who had left comments on the sites.
In a statement, the firm said: “We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security – and of trust.”
“If you've registered an account on any Gawker Media web site and you didn't log in using Facebook Connect, then it's best to assume that your username and password were included among the leaked data.”
The details of more than one million accounts were then posted on Pirate Bay and appear to have been used to hack the Twitter accounts of those who used the same log-in credentials for the micro-blogging site, and then send out spam.
In a Twitter update, Twitter’s head of trust and safety, Del Harvey, wrote: “Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PW. A current attack appears to be due to the Gawker compromise.”
The attack in question is a spam campaign which may have used hundreds of thousands of hacked accounts to send messages promoting an acai berry diet, according to Sophos senior technology consultant Graham Cluley.
“Not enough computer users have woken up to the danger of using the same password on different websites. Doing that means that if one site gets hacked (as in the Gawker case) then you might also be handing over the keys to other websites,” he wrote in a blog post.
“Once one password has been compromised, it's only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.”
Cluley recommended users strengthen their passwords by not choosing dictionary words, but instead using other techniques to build seemingly random combinations of characters.
“A good trick is to pick a sentence and just use the first letter of every word to make up your password,” he added.