Over the weekend, the Gawker Media family of websites got hacked. A file purportedly containing over a million usernames, email addresses and passwords is currently doing the rounds of torrent sites and all users who logged in with an email account are being asked to change their passwords.
What’s interesting is not the hack itself (you poke 4Chan and their ilk with a stick, you’re bound to get some blowback) but how annoyed the users are. People had used their work email addresses to sign up, or had used weak entries like “password” or “qwerty” that are easy to remember, and equally easy to crack. Not only that, but several users have since admitted that the passwords they used on the Gawker sites were also the same as for their email, Twitter, Amazon, even online banking accounts.
This is incredibly stupid. No matter how trivial a website is to you, or how secure it appears to be, you do not use the same password for one website as you do for another. Users are finding this out the hard way, as their email and Twitter accounts have been compromised and a flood of spam has been unleashed on Twitter. Using the same password on more than one website has placed their entire internet identity at risk; users have been told that if they use the same password on any other website where they log in with the same email address, those passwords should be changed too.
I’ll confess: I used to do this, but have since seen the error of my ways and now have one password that I have trained myself to remember in order to access all of my other passwords. I use LastPass to not only generate but also store the passwords for the various websites I’m registered with. These days, my passwords are never anything less than a random 12-character alphanumeric string comprising numbers and upper- and lowercase letters. And that’s the way it should be.
If you have been using the same password on more than one website, you’re leaving yourself open to risk. It doesn’t matter whether you yourself get hacked: any one of the websites you use could be at risk. In fact, it doesn’t matter whether or not you’re a Gawker Media user: if you are using the same password on more than one website, go change your passwords now. You never know what might happen.
[Image by Simon Lieschke]