PSA: Don't Forget To Change Your Jalopnik Password

Edward Niedermeyer
by Edward Niedermeyer
psa don t forget to change your jalopnik password

We know there’s more than a little overlap between TTAC and Jalopnik, the Gawker Media empire’s car blog, so we’d like to remind our readers who do have a commenting account at Jalopnik to change their password (since Gawker was apparently too “in shock” to warn users earlier). Gawker Media was attacked by a group of hackers known as Gnosis, and at least 200,000 Gawker user accounts have been hacked, exposing commenters’ login information and allowing some Twitter accounts to be taken over and used to send spam messages. The attack on Gawker was reportedly a response to the blog pioneer’s “outright arrogance,” and some have speculated that it was related to Gawkers antagonism of the famed hacker hangout 4chan; we reckon that Lotus was somehow behind it. To find out if your account has been compromised, surf over to, or simply change your password at Jalopnik or any other Gawker Media site. Or, you could just delete your account and become a regular here at TTAC instead. Just saying…

Join the conversation
8 of 45 comments
  • Geeky1 Geeky1 on Dec 13, 2010

    Since, in light of this incident, I'm not going to be commenting (or visiting) over there again, I'm going to go ahead and express my disgust here. This whole incident was mishandled from the beginning, and it's very clear that the people running Gawker really don't give a shit about their users. From their classifying us as "unimportant (...) peasants" ( ) to the fact that the hackers apparently had access to the servers for at least a month before they determined what was going on, to the length of time it took them to let us "unimportant peasants" know about the data breach, everything about this situation indicates that they don't value their source of revenue at all. They were using DES encryption for their users' passwords, a standard that's going on 40 years old and which was cracked in freaking 1998. Especially now that the hackers have made all of the data they obtained publicly available, it's not a matter of if your Jalopnik password will be cracked, it's a matter of when. With the processing power available in modern computers, an individual's e-mail and associated password can be decrypted in a matter of hours-if not minutes or seconds. And, as if that weren't enough, these idiots apparently didn't even store any input beyond the 8th character; i.e. your password on Jalopnik could have been "supercalifragilisticexpialidocious", but all you would have had to type to log in is "supercal" because the remaining 26 characters were just discarded. Furthermore, their servers were on Linux kernels that were years out of date. You can argue back and forth about Linux vs. Windows security in a server environment all day long if you really want to, but Linux has security holes of its own (as evidenced by this attack) and running kernel versions that far out of date on anything interacting with the internet can only be considered moronic. I mean I thought that I was a lazy sysadmin because I forget my weekly backups sometimes but judging by this event the Gawker IT department evidently spends all of their time at work eating cheetohs and watching porn. There's no excuse for security this lax on a major website. And in spite of having outdated, halfassed security systems these idiots went out and antagonized 4chan and the hacking community in general. Essentially they were playing Russian roulette with their users' data-and their own, apparently-with a semiautomatic. Gawker can go to hell. Additional reading for those that care:

  • Ronnie Schreiber Ronnie Schreiber on Dec 14, 2010
    Ed, we appreciate your help in spreading the word to all nine of our site’s 22,503 commenters who came over from your post to change their passwords. - Ray Wert Ray, my fellow MOT, since you’re obviously following this thread, I’d like to point out to you that there is at least a little irony in your comments on this thread. I suppose you meant to show how puny our readership is compared to the mighty giant that is Jalopnik (

    • See 1 previous
    • Ray Wert Ray Wert on Dec 14, 2010

      Not to belittle TTAC, as I have read the site fairly frequently, but I actually found the post because I have a Google Alert set up for "Jalopnik." Also, I don't really think we're TTAC competitors. I think Autoblog's industry-obsessive content is likely closer in content level to TTAC -- even if the style is different.

  • Bertel Schmitt Bertel Schmitt on Dec 14, 2010

    Ed, we appreciate your help in spreading the word to all nine of our site’s 22,503 commenters who came over from your post to change their passwords.

    TTAC's server says that yesterday, was the most clicked outgoing link on TTAC. Today, it trails in the #2 position behind And that's only because someone is ruining all the fun at Curbside Classic Clues.

    • See 1 previous
    • Bertel Schmitt Bertel Schmitt on Dec 14, 2010

      To Ray: I don't think you have access to the access logs of and referrers to, so you can only form a highly uneducated opinion.

      To all: While changing your password to any of the Gawker sites is good advice, here is better advice. If you are one of the many who use the same email and password for multiple sites (and don't we all sometimes do that?), you should immediately change your login information to those other sites. Like now.

      You account data is often stored and accessible. You can be impersonated and used for nefarious purposes. If you are one of the many of us who log into other sites with the same email and password and who then forget where they logged in, then you are in deep doodoo.

      Gawker stores the passwords in encrypted form (as any responsible site should do) but their encryption did not hold up to a simple cracking tool, as described here. To make a long story short, many if not most email/password combinations used on all the Gawker sites are there for the world to see.

      Use something like or to check whether you are on the list of compromised Gawker data.

      Techie part:

      Even the toughest encryption cannot protect you if you use a simple password like "Swordfish". The way this works is when you sign on, your password gets converted to encrypted data, called a "hash" and is stored. A hash cannot be decrypted (at least it should not). But the same password always creates the same hash. That's how you are being let in when you log in the next time. Knowing that, a cracker compiles a wordlist and converts the list to hashes. Once the hashes are created, the cracker compares the stored data with the hashes in the compromised data, and bingo, there are the passwords. That's why they tell you to use at least a number or special character in your password. Even that is not foolproof.The best password is a totally random word, upper and lower case, with numbers, something like d65Gh234hJSF. The next best is to remember one sentence, like "I want to have sex with two girls" and then turn that into Iwth6w2g . But then again, don't use the same sentence for many sites. Why? Some sites I knew WANTED to know your password in cleartext and patched the software so that the cleartext password was stored with the hash ...

  • Ash78 Ash78 on Dec 14, 2010

    Settle down, guys....I remember when these two sites were more complementary of each other (that's complementary with an "e" and maybe sometimes with an "i"). Jalopnik has gotten more off-beat, while TTAC has gotten VERY businessy. That divergence has been good, IMHO, and that's why they're the only two general auto sites I visit (well, at least until work blacklisted Jalopnik a few days ago. I guess I was spending too much time