If you’ve registered an account on any Gawker Media web site (that includes Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, or Fleshbot), and you didn’t log in using Facebook Connect, then it’s best to assume that your username and password were included among the leaked data.
As usual, people are being advised to change passwords that they use for those sites and to change those same passwords elsewhere if used for other things. Indeed, a number of high profile individuals used the same passwords on Twitter and for Gmail as they used with Gawker, and so those have been compromised and abused.
1Password users, of course, should be using strong unique passwords for different logins. This way the compromise of one site’s database doesn’t threaten you in other places.
While this all-too-frequent event reminds us of the importance of good password management, it also reminds us that the places we use our passwords aren’t always making the best encryption choices on their end. The lesson here is, again, to use strong passwords, and don’t use the same password twice.
So what about 1Password and cloud storage? The good news is that from the very beginning we designed the 1Password data format to withstand the most sophisticated attacks imaginable. You can read more about that here. Stay safe out there!