Peter Kafka


Nick Denton "So Very Sorry" About Giant Gawker Media Hack

It takes something pretty catastrophic for Nick Denton to apologize in public. So mark this one down: The Gawker Media owner says he’s “so very sorry” about the hacking attack that exposed some 1.5 million of his readers’ passwords.

Denton being Denton, he made his mea culpa in a relatively obscure corner of his blog network–an open comments thread with Gawker readers. And if you had a bit too much of the wrong kind of skepticism, you might think that this photo Denton posted to the thread was a bit cavalier:

But nope, says Denton. That’s real contrition: “Okay, here you go. That’s me on the left and Tom Plunkett, our CTO, on the right. We’re looking appropriately glum. It didn’t take any acting.” (Also worth noting that Denton was responding directly to a reader request for “a photo of yourself wearing a dunce cap or something of that nature. With a big ‘I’m sorry’ sign.”)

In more important news: Denton’s sites, which stopped posting yesterday afternoon as a result of the attack, are now back up again. And if you’ve ever left a comment on one of the sites, you should go there and change your password, then do the same at any other site where you’ve used the same login/password combo.

A few other notes:

  • Gawker Media says that readers who used Twitter or Facebook logins to leave comments on the blog network haven’t been affected. But people who used the same login on Gawker as they have on Facebook or Twitter may very well be in trouble. Which may be one reason so many Twitter users I know are now promoting a bogus weight-loss berry.
  • There’s a Google document that contains some of the hacked email/login info, and something called Hint has been emailing some hacked commenters with a reminder to change their passwords. (Who are they? Why do they want to associate their yet-to-launch site with a security breach? Anyone?) But not finding your info on the document and not getting an email doesn’t mean you don’t have a security problem. Play it safe and change your password now, regardless.


  • http://www.webhostinglogic.com/ Ben Webb

    Basically, it is a no-no security-wise to use one password for all your sites. That is the number one rule on internet security. Obviously the hackers know what to do with the database of email accounts they got from Gawker.

  • http://mediamemo.allthingsd.com/ PKafka

    Yup. But this basic security rule also conflicts directly with the real world: Even people who know better (a relatively small percentage of Web users) are hard-pressed to create new pw/logins for every place on the Web that requires them. So I assume that most people make some sort of compromise — like, for instance, they use one set of pw/login for low-priority sites, and more comprehensive ones for banks, credit card info, etc.

  • http://twitter.com/Journalismo Keith Vance

    The most annoying aspect of this story is that you can’t delete your Gawker account. Once it’s set up, it’s there for life.

  • http://mediamemo.allthingsd.com/ PKafka

    I think in their FAQs, they mention that they’re working on a permanent delete.

  • http://blog.macb.net macbeach

    I think that may take care of itself as I for one don’t intend to sign up with them again. They wisely anticipated the downturn, but sold off or closed the wrong properties IMHO. The handling of the transfer of names and passwords between formerly separate properties at that time was transparent and ill-advised.

    As someone who hasn’t used their site for many months I now have to figure out if there was any overlap between the password I used there and any other I use.

    Only solution is to change all passwords everywhere. Thanks Gawker, and GTH.

  • http://www.privacylover.com Frank Merlott

    Everyone has over 20 passwords nowadays; you can’t expect people to remember all of them and not to use the same.

    Websites should force people to use a password manager by default, that is the only way this can be solved, of course securing their database from hacking also helps.

  • http://www.computercreditfinancing.net/cheap-laptops-financing cheap laptops financing

    Please give me more information. I love it, Thanks again.

  • Anonymous

    If Nick Denton actually gave a flying f*** he would allow people to immediately delete their Gawker account. Gawker Media deserves the Internet Death Penalty for this screw up.

  • http://coderoid.livejournal.com/ coderoid

    Better yet, websites need to use OpenID and stop requiring creation of accounts when all they want is to identify the reader, not authenticate him.
