Gawker hacking points up password weakness

Associated Press

SAN FRANCISCO

The fallout from a hacking attack on Gawker Media Inc. a week ago underscores a basic security risk of living more of our lives online: Using the same username and password for multiple sites is convenient but costly.

After the attack on the publisher of such blogs as Gawker, Gizmodo and Jezebel exposed account information on as many as 1.4 million people, several unrelated companies had to freeze their accounts and force users to reset passwords.

Gawker Media itself didn’t have all that much sensitive information about its users. But the usernames and passwords obtained there could open doors to more-valuable accounts elsewhere, including e-mail and banking.

Twitter, Google Inc. and Yahoo Inc., among others, saw the potential damage and began resetting their passwords en masse, disrupting users as they tried to check their e-mail or post a tweet.

“It shows one of the fundamental problems with passwords — they get reused and shared across multiple sites,” said Jeff Burstein, a senior product manager with the Symantec Corp. security firm.

Despite repeated warnings from security companies not to do so, users tend to reuse passwords anyway because they can be hard to remember and manage.