Arik Hesseldahl

Gawkergate Password Mess Was Two Years in the Making

Gawker was told about the flaw in the method it used to store user passwords for its commenting system more than two years before it was hacked, the Guardian’s Charles Arthur reports.

A Gawker user posted a message on Get Satisfaction and received a promise to “improve it,” though no such improvement ever took place.

Well, we know how that turned out. A hacker group called Gnosis gained entry not only to the commenting system, but also to pretty much everything the Gawker team used to run its collection of sites.

Gawker was hacked. Gawker founder Nick Denton apologized. But the damage wasn’t limited to Gawker and its users.

Soon Twitter and LinkedIn were dealing with hacking attacks on their sites. Then Yahoo and World of Warcraft developer Blizzard forced users to change their passwords. And finally the collateral damage reached all the way to the New York Times.

We also learned that many of the people whose passwords were disclosed used simple ones. Topping the list: “123456.” And we all learned a little about the dangers of using the same password everywhere.

No comment yet from Denton, although I’ll certainly update if I hear back from him.

And in case you didn’t pay enough attention to all this, and why it’s not a good idea to share passwords across multiple sites, here’s a great cartoon from XKCD that illustrates the dangers:

