Gawker hack may put government workers at risk

Report says government passwords culled in hack

Government employees who accessed the popular Gawker Media website may be at risk of future cyberattacks as a result of the weekend hacking against the site, according to a report from "PBS Newshour." The report states that during the Gawker attack, a “select sublist” of apparent e-mail addresses and passwords of employees from federal, state and local government agencies were compiled for potential future attacks. The individuals whose passwords were posted included a NASA official and a chief of staff for a member of Congress, the article states.

Gawker, which publishes several news and entertainment blogs, said about 1.3 million accounts had been compromised, including users' passwords. The data reportedly was released publicly on file-sharing sites on the Internet.

Government employees who may have accessed Gawker from their work computers are being urged to change their password information to reduce their risk, the article states.

Gawker posted the following after Sunday afternoon’s attack:

"Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you've used the same passwords. We're deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us."

The post goes on to give tips for creating strong passwords and gives instruction on how to change a password. (Nearly 2,000 of the stolen-and-published passwords were "password," according to PBS, suggesting that many people haven't taken this lesson to heart.)

PBS reports that the list includes a variety of government agencies at the state and federal levels, and Congress.

The identity of the Gawker hack perpetrator seems to be unclear. The loosely organized ring of international hackers that call themselves "Anonymous" and are operating under the label "Operation Payback" may have been involved, according to published sources. It was "Anonymous" hackers who took down the websites of Visa and MasterCard after they stopped processing donations to WikiLeaks.

However, the blog Urlesque reports that the hacker group Gnosis carried out the attack. Gnosis "isn't affiliated with Anonymous, but it took issue with Gawker's dismissive attitude toward Anon and hackers in general, and decided to send a message," writes Jay Hathaway at Urlesque.

Another Village Voice blog entry reports that someone claiming credit for the hack disavowed a connection to Operation Payback but posted what the hacker purported to be a transcript from Gawker's internal chat program. However, the transcript seems to be from several months ago, making it impossible for the hack being discussed in the conversation to be yesterday's, the Voice reports.

PBS posted instructions that were attached to the selected government addresses from inside an Anonymous chat room.

The instructions, riddled with grammar and spelling errors, said in part: “These people more than likely use the same pass everywhere. Try to gain access to the @email STMP using the email/pass combination also google their email address to find other accounts on the inernet [sic] they may have and try their password with said accounts.

“If the people in this dump have admin/mod rights there maybe [sic] other sensitive information worth disclosing to the internet, scrape any and all information you can and dont be XXXXing stupid, these are government officials, use many layers of proxies and report back any lulz to (REDACTED).”

About the Authors

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Alysha Sideman is the online content producer for Washington Technology.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.