From Felix Salmon:
Update: Gawker Media now has a FAQ up, which stops short of an apology. What Gawker didn’t do — but what the good people at Hint did do — is email everybody whose email and password were made public, to inform them of that fact. “In situations like this, time is of the essence, which is why we were surprised & shocked to find that Gawker Media hadn’t taken the initiative to notify you of this privacy breach immediately,” they wrote. I’m with them: Gawker should have done what Hint did. But, thankfully, now they don’t need to. And if you haven’t received an email from Hint, there’s a good chance that your email and password have not been made public.
http://blogs.reuters.com/felix-salmon/2010/12/13/gawker-media-gets-hacked/
― Allen (etaeoe), Monday, 13 December 2010 13:32 (thirteen years ago) link
I hacked my mates facebook account so I could right stuff in his status. His password was his surname. When he discovered that someone had hacked it he changed his password.... to password. When his staus's started changing again he just started commenting on them saying "WHO ARE YOU!!!" instead of changing his password again because he thought it was impossible someone could have guessed it twice.
― cozen, Monday, 13 December 2010 14:18 (thirteen years ago) link
I suspect it won’t be “Gnosis” since it’s evident from this dump that Gawker’s engineering and I.T. department is shockingly amateurish (e.g. using DES hashes and running everything off of an individual DB schema). Is Gawker liable for their incompetence and bizarrely deficient security practices?
I think it's pretty obvious that Gawker got hardpwned because of some pretty egregious security practices on the part of administrators who should know better, but if you leave your house key under the doormat, people are still criminals if they use them to come in and steal your shit.
That said, Gawker Media is still waaaay understating the risk here, and should be contacting all users via email. It's true that there was some level of obfuscation on user email addresses/passwords, but someone had access to the full database, the source code, and root access on the server. There's nothing in that database that's completely safe.
― mh, Monday, 13 December 2010 14:56 (thirteen years ago) link
XD
― vladimir pootawn (am0n), Monday, 13 December 2010 15:16 (thirteen years ago) link
i think max should write each user individually
― tickle me imo (s1ocki), Monday, 13 December 2010 15:26 (thirteen years ago) link
For that personal touch, yes.
Man, that reminds me of some guy we interviewed for a job at work who sent a handwritten thank you card to each person who interviewed him. He seemed like a nice dude, but was way desperate and had no ability to answer technical questions in an interview. I left that damn card unopened on my desk for two weeks because I didn't need a guilt complex.
― mh, Monday, 13 December 2010 15:29 (thirteen years ago) link
^^^are you UK or US? this is apparently more of a thing in the US but it bO_Oggled my mind when they were discussing it in the dole thread
― cozen, Monday, 13 December 2010 16:20 (thirteen years ago) link
http://www.zarcrom.com/users/yeartorem/awards/gawking.jpg
― buzza, Monday, 13 December 2010 17:08 (thirteen years ago) link
yeah why the hell did i make a gawker account
― k3vin k., Monday, 13 December 2010 17:26 (thirteen years ago) link
http://rlv.zcache.com/gawk_all_you_want_tshirt-p235327177861775555qiuw_400.jpg
― vladimir pootawn (am0n), Monday, 13 December 2010 17:30 (thirteen years ago) link
I got what I thought was a spam email abt this. What do I need to do?
Is it the reason my laptop was afflicted w/ System Tool virus for 4 hours Saturday?
― kind of shrill and very self-righteous (Dr Morbius), Monday, 13 December 2010 17:39 (thirteen years ago) link
http://www.macobserver.com/images/newreviews/99/991022nortonutilities5/num50bp.gif
― vladimir pootawn (am0n), Monday, 13 December 2010 17:40 (thirteen years ago) link
NYC goin' down
― would like a calmer set (Eazy), Monday, 13 December 2010 17:41 (thirteen years ago) link
morbs if you use the same pw on any other site, change em
― tickle me imo (s1ocki), Monday, 13 December 2010 17:42 (thirteen years ago) link
http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/
― would like a calmer set (Eazy), Monday, 13 December 2010 17:44 (thirteen years ago) link
oh, like I remember what my Gawker password is!
― kind of shrill and very self-righteous (Dr Morbius), Monday, 13 December 2010 17:47 (thirteen years ago) link
try qwerty or 12341234
― vladimir pootawn (am0n), Monday, 13 December 2010 17:52 (thirteen years ago) link
metsfan
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 17:53 (thirteen years ago) link
or password
― vladimir pootawn (am0n), Monday, 13 December 2010 17:53 (thirteen years ago) link
filmbuff
pa$$word
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 17:54 (thirteen years ago) link
gawker
sizemore
― mc cockeyed optometrist (brownie), Monday, 13 December 2010 17:56 (thirteen years ago) link
I usually use the same unguessable password whenever I can
― kind of shrill and very self-righteous (Dr Morbius), Monday, 13 December 2010 17:57 (thirteen years ago) link
also, waiting for one funny one
http://stevelundeberg.mvourtown.com/files/2010/06/password.jpg
― buzza, Monday, 13 December 2010 17:58 (thirteen years ago) link
pw: unguessable
― vladimir pootawn (am0n), Monday, 13 December 2010 17:58 (thirteen years ago) link
On November 11, Dr. Morbius received a notice that he had set up a new username and password at Gawker chat rooms. Because he knew he did not request this, and also had been told by someone else that he had been logged into Campfire (but also knew he had not), he asked members of his team to investigate. He did not however bother to change any of his other accounts that used the same password as his Campfire account.
― tickle me imo (s1ocki), Monday, 13 December 2010 17:59 (thirteen years ago) link
Can I do the old "I tried using 'penis' as my password but it told me it was too short" gag now, please?
― James Mitchell, Monday, 13 December 2010 18:00 (thirteen years ago) link
not really trying to zing morbz. I work for a website and can peer in at user pw's. I'm just amazed at how little thought goes into them. hogsfan, gohogs, f00tball, thurman94.
And that's not just the pa$$words, birthdays and us3rnames typed with numbers. If I ever get drunk with power, I could probably have a field day reading email at AOL.com.
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 18:01 (thirteen years ago) link
the ultimate power trip
― tickle me imo (s1ocki), Monday, 13 December 2010 18:02 (thirteen years ago) link
http://farm1.static.flickr.com/27/39038706_6313b6b178.jpg
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 18:06 (thirteen years ago) link
that forbes blog post is interesting but is weirdly written, like it's been google-translated or somethign
― tickle me imo (s1ocki), Monday, 13 December 2010 18:08 (thirteen years ago) link
Maybe written by a Polish hacker trying to throw everyone off the scent.
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 18:09 (thirteen years ago) link
sh0ts0frum
― would like a calmer set (Eazy), Monday, 13 December 2010 18:11 (thirteen years ago) link
http://www.ocregister.com/articles/data-279937-mcdonald-personal.html
― markers, Monday, 13 December 2010 19:30 (thirteen years ago) link
Like the unique African Baobab tree, which nourishes its community with its leaves and fruit, McDonald's has branched out to the African-American community.
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 19:35 (thirteen years ago) link
http://www.technology-guide.co.uk/images/8GB_hambager.jpg
― buzza, Monday, 13 December 2010 19:59 (thirteen years ago) link
my email was included but i also didn't get one from gawker
― ad hom alone (J0rdan S.), Monday, 13 December 2010 20:39 (thirteen years ago) link
so was mine, and i didnt get an email from max either
― tickle me imo (s1ocki), Monday, 13 December 2010 20:40 (thirteen years ago) link
tickle you in your opinion
― vladimir pootawn (am0n), Monday, 13 December 2010 20:41 (thirteen years ago) link
I think the real mistake was in creating a gawker account
― deej me how to whiney (dayo), Sunday, December 12, 2010 11:53 PM Bookmark
― http://tinyurl.com/ccccccccccccccccc (Pleasant Plains), Monday, 13 December 2010 20:42 (thirteen years ago) link
― tickle me imo (s1ocki), Monday, December 13, 2010 2:40 PM (1 minute ago) Bookmark
well, this is a separate issue from the gawker hack -- max's girlfriend was getting too jealous
― ad hom alone (J0rdan S.), Monday, 13 December 2010 20:43 (thirteen years ago) link
did she say anything?!?
― tickle me imo (s1ocki), Monday, 13 December 2010 20:44 (thirteen years ago) link
move the entire network of blogs to tumblr imo
― markers, Monday, 13 December 2010 21:32 (thirteen years ago) link
i'm gonna keep a running tally of sites that have closed my accounts due to suspicious activity
- gmail- linkedin (lol you guys can take this one)
― J0rdan S., Tuesday, 14 December 2010 04:23 (thirteen years ago) link
wait, they closed your gmail account?
― markers, Tuesday, 14 December 2010 05:09 (thirteen years ago) link
yeah -- when i woke up this morning my droid had an error message (OS is linked w/ google) so i knew something was up, went to gmail & had to enter my phone number, they texted me a code, i entered that code into gmail & they allowed me to change my password
so i'm back in now
― J0rdan S., Tuesday, 14 December 2010 05:11 (thirteen years ago) link
oh ok
― markers, Tuesday, 14 December 2010 05:12 (thirteen years ago) link
Oh shit, I registered a Gawker account at some point? Fuck me.
― Zsa Zsa Gay Bar (jaymc), Tuesday, 14 December 2010 05:13 (thirteen years ago) link