Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

Attack on Gawker Spawns Twitter 'Açai Berry' Spam

by Amar Toor on December 13, 2010 at 10:15 AM

açai berriesYesterday, Gawker announced that its servers had been hacked, and that more than a million of its user account passwords had been compromised. According to the site, all passwords were encrypted, but "simple ones may be vulnerable to a brute-force attack." Gawker recommended that all users change their passwords on its platform, and on any other site where they had used the same password. The damage, however, had already been done.

Not long after the attack, a group called 'Gnossis' posted a 500-megabyte file on BitTorrent, containing all the password information swiped from Gawker. (Gnossis is allied, unsurprisingly, with 4chan.) Spammers then used this information to hack into the Twitter accounts of users who had used the same password on both Gawker and the microblogging platform. The hackers posted messages promoting açai berries on hundreds of thousands of compromised accounts, along with a link titled 'acainews.' Twitter head of security Del Harvey later confirmed the connection between the two attacks, and recommended that all Twitter users with Gawker accounts change their passwords.

It's still unclear why the hackers targeted Gawker in the first place, but, as the BBC reports, some took control of Gawker's own Twitter account, and posted messages supporting WikiLeaks founder Julian Assange. Gawker, in the past, has been somewhat critical of Assange, so the attack may be connected to the other pro-WikiLeaks cyber campaigns that were launched last week.

The good news, though, is that the 'acainews' links don't appear to connect to any malware that could steal personal information. Nevertheless, Sophos security consultant Graham Cluley said anyone whose Gawker account had been compromised may find themselves targeted by another group in the near future. "Every identity thief, hacker and spammer out there will be attracted to that password file," Cluley warned. The ultimate lesson, of course, is that Web surfers should begin using more complex passwords, and should avoid using the same one on multiple sites. And, again, if your Gawker or Twitter account has been compromised, you should change your password before doing anything else.

Tags: 4chan, CyberAttack, gawker, hack, Julian Assange, JulianAssange, password, privacy, security, top, twitter, Web, Wikileaks

HuffPost AOL Social News Most Popular