The celebrity gossip website Gawker suffers a SQL injection attack, and its customer database, including passwords, is compromised. The site's source code was also exposed.
On December 12, 2010, CNET News reported that the celebrity news and gossip website Gawker.com had been hacked. The site currently has a statement warning users that the database was compromised and that the users’ passwords were stolen. The site stored user passwords in encrypted form, but simply encrypted passwords are vulnerable to brute-force attempts to reveal the password.
In addition to the password database being compromised, Gawker’s website source code was also revealed. The source code was posted online, and a link to it was available from the popular torrent download website The Pirate Bay. The source code was available for download for several hours before Gawker website administrators found it, took it down and fixed the hacked website.
Gawker is a popular Hollywood celebrity gossip magazine that reports the latest celebrity news. It is considered one of the primary websites that report some stories first in the celebrity news industry.
Data Security Management and Databases
Internet data security requires protecting an online database against issues such as SQL injection. SQL injection is a type of database security issue that allows the hacker to inject SQL code into the queries the website code uses to retrieve data for the site. With poor security, a database such as the Gawker customer database runs the injected code for the hacker, so information can be retrieved, deleted or changed, depending on the type of code sent to the server.
This type of database hack is typically used to gain access to important information such as passwords, credit card numbers and banking information. SQL injection can be avoided by using stored procedures or by “scrubbing” input data so that it cannot contain code the server would run as SQL.
Although Gawker fixed the hacked website, it still must find the underlying security issue. Fixing a hacked website returns the site to a working state, so it can function and generate money from readers by reporting the latest celebrity gossip, but unless Gawker finds the security hole, the hack can happen again.
For this reason, never use the same password for random websites that you use for important information such as financial data. Always use a different password. If a poor password was entered on Gawker, a brute force hack on the password can “guess” the password within minutes. A brute force hack means the hacker tries each possible combination until the password is “guessed.” Longer passwords with special characters and upper case letters are harder for software to crack.
As Gawker attempts to fix the security hole in its website code, the site asks that users change any password that matches the password used to interact on Gawker.