In December 2010, the website Gawker had its database hacked by a group called “Gnosis.” It was confirmed that more than 1.3 million accounts had their usernames and passwords stolen. Gawker also operates other websites, such as Lifehacker and Gizmodo, and usernames and passwords were stolen from those as well.

A security firm, Duo Security, came in and did an analysis of the hack. They found that many of the passwords were very easy to guess, with passwords such as 12345678 and letmein. Duo Security brute-forced 400,000 password hashes of the 1.3 million stolen by Gnosis, and 200,000 of them were cracked in less than an hour. Duo Security also found that 99.45% of the cracked passwords were purely alphanumeric and did not contain any special characters or symbols.

There were a few ways that this hack could have been prevented. The first would be to require users to have a password of at least 8 characters containing upper case and lower case letters, numbers, and special characters or symbols. This would deter cybercriminals from trying to hack the website, because cracking such passwords would take much longer and they would need a more powerful computer. Another control that could have been used would be to lock the account after a set number of incorrect password attempts. This would make it much more difficult for the hackers to keep trying different passwords. The last thing I think they could have done was to upgrade their encryption. Gawker used 56-bit DES (Data Encryption Standard) for their passwords, and it had been broken more than a decade ago. Ten years ago, the encryption could be broken in 22 hours, and with newer GPU-based cracking it is faster still. This definitely needs to be updated very soon, before another attack occurs.
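The three controls recommended above, written out as an added example rather than anything from the original post or from Gawker's own systems: a password policy check (at least 8 characters with upper case, lower case, digits and symbols), an account lockout after a fixed number of failed logins, and salted, slow password hashing in place of DES. The user store, the `UserStore` class and its method names, the lockout threshold and duration, and the choice of PBKDF2-HMAC-SHA256 as the "upgraded" scheme are all assumptions made for the example.

```python
"""Added example (not from the original post or from Gawker):
password policy + lockout + salted slow hashing, in one small module.

Assumptions (hypothetical, not Gawker's actual code or schema):
  - user records live in an in-memory dict
  - PBKDF2-HMAC-SHA256 stands in for the upgraded password storage
  - policy values, lockout threshold and duration are illustrative
"""
import hashlib
import hmac
import os
import re
import time

MIN_LENGTH = 8                 # policy from the text: at least 8 characters
MAX_FAILED_ATTEMPTS = 5        # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60      # assumed lockout duration
# Kept low so the example runs quickly; production deployments use far
# more iterations (OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 100_000


def password_meets_policy(password: str) -> bool:
    """Require MIN_LENGTH chars and all four character classes."""
    if len(password) < MIN_LENGTH:
        return False
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return all(re.search(pattern, password) for pattern in classes)


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted, deliberately slow hash; a fresh random salt per user means
    one cracked hash tells the attacker nothing about the others."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """Hypothetical in-memory account store with per-account lockout."""

    def __init__(self, clock=time.monotonic):
        self.users = {}
        self.clock = clock  # injectable so tests can advance time

    def register(self, username: str, password: str) -> None:
        if not password_meets_policy(password):
            raise ValueError("password does not meet policy")
        salt, digest = hash_password(password)
        self.users[username] = {
            "salt": salt, "digest": digest, "failed": 0, "locked_until": 0.0,
        }

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        user = self.users.get(username)
        if user is None:
            hash_password(password)  # spend the same time as a real check
            return "denied"
        now = self.clock()
        if now < user["locked_until"]:
            return "locked"          # refuse even a correct password while locked
        if verify_password(password, user["salt"], user["digest"]):
            user["failed"] = 0
            return "ok"
        user["failed"] += 1
        if user["failed"] >= MAX_FAILED_ATTEMPTS:
            user["locked_until"] = now + LOCKOUT_SECONDS
            user["failed"] = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "Correct-Horse9!")
    print(store.login("alice", "letmein"))          # denied
    print(store.login("alice", "Correct-Horse9!"))  # ok
```

The lockout counter only limits online guessing against the live site; once a database copy has been stolen, as happened here, the salted slow hash is the control that actually slows the attacker down, which is why all three are shown together.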