Arik Hesseldahl

Gawker Password Mess Spreads to World of Warcraft, and Apparently to Yahoo

The residual effects of the weekend hacking attack on Gawker have now spread to Yahoo and World of Warcraft players.

Yahoo spokeswoman Dana Lengkeek just emailed a statement saying that some Yahoo users were required to reset their passwords. “As part of our ongoing security measures we issued a password reset to some users. Yahoo! does this periodically to ensure the security of users.” She didn’t specify whether or not this was in direct response to the Gawker incident, but it’s not hard to conclude that it was, given the timing. I’ll update if Yahoo says anything further.

I have a Yahoo account and was required to change my password today, and yes, I also had a Gawker commenting account, so at this point it’s safe to say they certainly seem connected.

Meanwhile, Blizzard Entertainment (developer of World of Warcraft and provider of the Battle.net gaming service) was abundantly clear about the connection in an email to its customers. “We’ve recently been informed that several Gawker Media websites have been compromised…To help minimize the effects of this compromise and help keep your Battle.net account safe and secure, we’ve reset your account password,” it said.

Other Web incidents–perhaps connected to Gawkergate, perhaps not–have occurred during the past few days as well. For instance, McDonald’s disclosed that a database containing email addresses and birthdates of people who had signed up to receive promotions was compromised. It notified those customers on Monday. Again, it’s not clear what connection, if any, there may be to the Gawker incident, but the timing certainly makes it seem possible. I’ve asked McDonald’s for a comment and will update if I get one.

In another incident, drugstore chain Walgreens disclosed on Friday that a database of email addresses belonging to its customers had been breached. Given the timing–the Gawker incident happened over the weekend–it’s probably not connected, though it’s hard to be sure, as the folks at Anonymous Gnosis, the group that attacked the Gawker sites, say they’ve had access to the database for about a month. I’ve asked a Walgreens spokesman for a comment, and as with all the other cases above will update if I hear back.

This comes on top of other related forced password changes at Twitter and LinkedIn, as my colleague Peter Kafka reported earlier today.

Meanwhile, our friends at Digits have a fascinating graphic on the Top 50 passwords used on Gawker. Topping the list: “123456,” “password” and “12345678.” The two lessons in all this? Make your passwords complex, and don’t use the same password for multiple sites.


  • Glenn Fleishman

    Gnosis, not Anonymous. Right? Or so they claim.

  • http://pithagora.com fjpoblam

    I changed so many passwords last night, it’s probably getting time to reconsider why I connect with so many places that want passwords. Maybe I should narrow down. (I haven’t put out for password managing software…)

  • Arik Hesseldahl

    Glenn — You’re correct. I fixed to reflect that. Hard to keep track of the battle lines. Strictly speaking I got ‘em mixed up, though I would imagine there’s some overlap, no?

  • Glenn Fleishman

    That’s part of the mystery, I guess. Could be the same group or entirely different. Sounds like Anonymous has a handful of masterminds, and then a lot of drones who commit resources. The Gnosis guys seem much more directed in their actions.

  • http://www.facebook.com/people/Gyan-Gage/100001765755308 Gyan Gage

    If anyone needs a strong password that is really easy to remember I recommend http://www.passwordcake.com

  • Anonymous

    Wow, that really is a mess!

    http://www.internet-privacy.edu.tc

  • http://michaelkpate.com Michael K Pate

    I have been a big believer of http://supergenpass.com/ but having to transfer those passwords to mobile devices has become such a pain that I have been exploring other options. Whatever you do, though, you should never use the same password more than once.

  • http://pulse.yahoo.com/_YB53EZ6BW2CI57SQ6XUKOMJ3EU x10

    lol, it’s not hard to conclude given the timing. that’s some real journalism there. more accurately, it’s not hard to assume given the timing and that’s good enough for me to publish an article implying more facts than there are.

  • http://www.arcticllama.com/index.htm ArcticLlama

    Everyone is mocking the weak passwords for Gawker commenting accounts. The fact is that a lot of users don’t care about their Gawker account. In fact, many of those users didn’t want to have to register for an account to comment in the first place. Why bother to make a “real” password just to post a comment, especially if you never plan to use the account again?

  • http://www.arcticllama.com/index.htm ArcticLlama

    I had that thought too. Why does everyone insist on creating ANOTHER user account?

    BTW, LastPass is a free password manager plug-in for Firefox and Chrome (and maybe IE), or use KeePass (also free) for local password management.

    Cheers.

  • http://twitter.com/pinkano pinkano

    So easy with Sticky Password or any other password manager to change all your passwords now :)

  • Anonymous

    Yes, I use it. Is the best
