Quantcast

Gawker Hack Headache Not Over Yet?

201012_derpderp.jpg
From the hacker's post on Gawker.
The fallout from this weekend's Gawker hack keeps coming. But are things going to get more "Gawkward" (oh, New York Post)? If the hackers have as much data as some suspect, they might soon!

While honcho Nick Denton met with the FBI on Tuesday to discuss the attack—which has put info about the site's 1.3 million registered users out in the open—the Observer today worries about the prospect that Sunday's data dump will soon enough become a "WikiLeaks-style flood." It is becoming increasingly clear that the hackers in question had access to Denton's e-mail for more than a month, so the prospect that they have entire e-mail boxes of many Gawker employees mail doesn't seem so far fetched. "These are emails that contain stories in progress, the identities of anonymous sources and God knows what else."

Meanwhile non-Gawker companies are reaching out to those who may have been affected by the hack. This morning Amazon sent a number of its users the following e-mail:

At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email address and password sets posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on several websites. We believe your email address and password set was on that list. So we have taken the precaution of resetting your Amazon.com password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your Amazon account.

Wasn't that nice of them? And wasn't it nice of LinkedIn to do the same?

Contact the author of this article or email tips@gothamist.com with further questions, comments or tips.
By Garth Johnston in on December 15, 2010 1:08 PM

Comments [rss]

  • souper_crackers

    I'm not commenting to hate on Gawker, I'm commenting to hate on the photo accompanying this. Not necessary.

  • homerone200

    The use of the photo of the autistic girl with "derp" as a symbol of stupidity is pretty offensive. I'm pretty sure, Gothamist and Mr Johnston, that you could find some other image of human stupidity that doesn't prey on innocent kids with natural disabilities, portraying them as idiots who can't speak properly. Lame.

  • gr0o

    1) She has Down's Syndrome. Autism has no typical visible characteristics.
    2) This is the image that the hackers put up on the Gawker main page.
    3) Can we use your picture?

  • souper_crackers

    It might be a nice touch for them to caption the photo here, so we know that that was it was in fact the one used on the Gawker homepage (for those of us who didn't look at the internet during that time frame). Then we know that they didn't just throw a poorly thought-out image to accompany this piece, which has happened before here.

  • Garth Johnston

    You are right Stephanie. I've added the caption. Sorry to have upset you.

  • MermaidFornicator

    gothamist is using the derp photo because the hackers placed the derp photo on the gawker homepage when they were in control of the site.

  • homerone200

    noted.

  • souper_crackers

    Jinx! I actually GISed "derp" to see if just maybe, just maybe, this was result #1. It's not. It's #1 if you search "derp retard" though.

  • mcsoxerhoff

    I didn't even know I had a gawker account, but apparently I once signed up for it and never used it, and now all my info is out there.

    wheeeeeee

  • souper_crackers

    Did you look at the widget to see if your email was one of the released ones?
    http://www.slate.com/id/227776...

  • Gwinny

    ugh. mine was. I haven't even posted on Gawker since 2007.

  • jaycjay

    So was mine, and I don't remember ever posting there. I guess it could have been one of the other sites in their network, and I think I may have once posted Jalopnik so that's probably it.

    But I tried to log in and couldn't remember the password. It wasn't saved in either of the browsers I've used in the last couple of years. So after a few attempts, I chose to reset it. And unlike probably every other site I've used in the past several years, that's what it did. Immediately.

    No confirmation prompt, they just send an email with your new temporary password and no way to cancel the request or indicate that you didn't make it. Anyone who knows the email address of anyone who has an account in the Gawker network could reset that person's password just as easily as their own.

    And of course what this means is, unless I get a copy of that data dump and crack it myself, I have no way to find out what that password was. So I have no way of knowing if I've used it on any sites.

    Those hackers are right. Gawker's tech people are idiots.

  • jaycjay

    Yep. Took me about 40 minutes. Including a snack break.

    Found the data, located my email address in it, along with the DES-encrypted password. Didn't take long from there to confirm that it is a password I've used at a few other sites. No place where I really care about it being secure (and it turns out to be a username I've never used anywhere else), so that's the good news. But still I have to visit a few sites and change that password.

  • JenChungsBaby

    This is why I post at a stupid insignificant blog that nobody cares about -- Gothamist.

blog comments powered by Disqus
Home

best of gothamist

send a tip

tips@gothamist.com

about

staff / advertising / contact / newsmap

newsmap

newsmap