You might have heard that several blogs from the Gawker blog network were compromised because of a security breach in Gawker’s media servers. If you have ever commented on any of the sites, e.g. Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot, chances are that both your email address and password are available on the public web.
The Threat With Gawker Email List Being Exposed
If you are using the same username and password combination for your Gawker account and for your email addresses, social networking accounts and blog accounts, skip reading this article and change the passwords immediately. Do not change only the password for your Gawker account: make sure you first change the password of your real email address, Facebook account and so on.
On a side note, I never use my main email address for signing up or commenting on blogs, forums etc. Thankfully, the Gawker blog network had a handy option to comment using a user’s Facebook account, so my email address wasn’t exposed at all. But that’s just me!
Find If Your Email Address Appears in the Hacked Gawker List
If you are worried that the email address and the password of your Gawker account are available on the public web, head over to this page and enter your email address in the widget. Hit the submit button and the widget will tell you whether your email address is exposed on that hacked list.
Find If Your WordPress Blog Users’ Email Addresses Appear in the Gawker List
If you write a multi-authored WordPress blog and have many writers, chances are that some of them are unaware of the Gawker hack incident.
Some of your blog authors, editors or maybe administrators might have been commenters at Gawker media, and if they are using the same username and password combination in the WordPress blog, your site just might be the next victim (God forbid).
One option is to change the passwords manually from WordPress admin, but if you have a large number of guest bloggers and contributors, you can skip the manual way and use a WordPress plugin by Slate.
The Shared User WordPress plugin checks whether the email addresses of your blog authors appear in Gawker’s hacked list. If a match is found, you are shown an option to reset their passwords. If no match is found, nothing is returned, which means none of the email addresses of your blog authors are present in that deadly list.
I tested the plugin on this blog and no results were returned. Phew!
Matt Brian, one of the bloggers at The NextWeb, managed to test the plugin and got the results for which the plugin is built. Some of the authors’ email addresses matched with the hacked Gawker list, as shown in the screenshot below:
How the Plugin Works:
The folks at SecTheory took the Gawker hacker list, parsed the results and then developed an API that would allow users to find whether or not their accounts were compromised. Joost De Valk, one of the famous WordPress plugin developers, took this API and extended it by making the Shared user protect WordPress plugin.
This plugin is a lifesaver for multi-authored blogs running on WordPress: run the checks, find if any email address is compromised and then reset the passwords.
Oh, did I mention that the plugin is entirely free?
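The check described under "How the Plugin Works", sketched as an added example; this is not the plugin's code and does not call the SecTheory API. It assumes you hold a local set of SHA-256 digests of breached email addresses and an export of your blog's users; the function names and sample data are hypothetical and constructed for illustration.

```python
import hashlib

# Assumption: WordPress default role names, ordered by how much damage a takeover does.
ROLE_RANK = {"administrator": 0, "editor": 1, "author": 2, "contributor": 3}


def normalize(email):
    """Trim and lower-case so 'Bob@Example.com ' matches 'bob@example.com'."""
    return email.strip().lower()


def digest(email):
    """SHA-256 of the normalized address, so the list can be compared
    without passing plaintext addresses around (assumed list format)."""
    return hashlib.sha256(normalize(email).encode("utf-8")).hexdigest()


def find_exposed(users, breached_digests):
    """Return users whose email is in the breached set, most privileged first."""
    hits = [
        u for u in users
        if "@" in u.get("email", "")  # skip accounts with no usable address
        and digest(u["email"]) in breached_digests
    ]
    return sorted(hits, key=lambda u: (ROLE_RANK.get(u["role"], 99), u["login"]))


def report(users, breached_digests):
    """One line per account whose password should be reset."""
    return [
        f"{u['login']} ({u['role']}): reset password"
        for u in find_exposed(users, breached_digests)
    ]


# Constructed sample data: a stand-in breach list and a blog's user export.
BREACHED = {digest(e) for e in ("alice@example.com", "carol@example.org")}
USERS = [
    {"login": "alice", "email": "Alice@Example.com ", "role": "author"},
    {"login": "bob", "email": "bob@example.net", "role": "editor"},
    {"login": "carol", "email": "carol@example.org", "role": "administrator"},
    {"login": "dave", "email": "", "role": "contributor"},
]

if __name__ == "__main__":
    for line in report(USERS, BREACHED):
        print(line)
```

Sorting by role puts administrator and editor accounts at the top of the reset list, since a reused password there exposes the whole site rather than one author's posts.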