Gawkergate Password Mess Was Two Years in the Making
Gawker was told about the flaw in the method it used to store user passwords for its commenting system more than two years before it was hacked, the Guardian’s Charles Arthur reports.
A Gawker user posted a message on Get Satisfaction and received a promise to “improve it,” though no such improvement ever took place.
Well, we know how that turned out. A hacker group called Gnosis gained entry not only to the commenting system, but also to pretty much everything the Gawker team used to run its collection of sites.
Soon Twitter and LinkedIn were dealing with hacking attacks on their sites. Then Yahoo and World of Warcraft developer Blizzard forced users to change their passwords. And finally the collateral damage reached all the way to the New York Times.
We also learned that many of the people whose passwords were disclosed used simple ones. Topping the list: “123456.” And we all learned a little about the dangers of using the same password everywhere.
No comment yet from Denton, although I’ll certainly update if I hear back from him.
And in case you didn’t pay enough attention to all this, and why it’s not a good idea to share passwords across multiple sites, here’s a great cartoon from XKCD that illustrates the dangers: