Within two days, sites like LinkedIn and later Blizzard Entertainment and Yahoo had advised their users to change their passwords.

The latest company caught up in all this is the New York Times. A little more than an hour ago, the Times sent an email to customers (see below) whose email addresses appeared in a searchable database of compromised Gawker commenting accounts, warning them that if they used the same password on nytimes.com as they did on Gawker, it would be a good idea to change it. There is no evidence of any funny business on the Times’ Web site.

Incidentally, in case you missed it, Gawker’s technology head, Thomas Plunkett, circulated a memo detailing what happened at Gawker and what it plans to do in response to the incident. One thing it will do is offer disposable commenting accounts that users can ditch easily, and for which storing an email address won’t be required.

Here is the email from the Times:

NYTimes.com Wed, Dec 22, 2010 at 5:15 PM
Reply-To: nytdirect@nytimes.com

In case you missed our recent article “Gawker Sites Hacked and Passwords Compromised”
http://nyti.ms/hjNvlY we are writing to inform you that databases belonging to Gawker Media were compromised and hackers obtained more than one million user names, e-mail addresses and passwords.

While there is no evidence of suspicious activity on NYTimes.com we wanted you to know that
the e-mail address you registered with NYTimes.com matches an e-mail address that was on
the list of Gawker e-mail addresses and passwords that were published online.

If you use the same password for NYTimes.com as you did for Gawker, we strongly recommend you change your password. Changing your NYTimes.com password can be accomplished by visiting the Member Center page: http://www.nytimes.com/membercenter. After logging in to your account, click on the ‘change’ button associated with the password field which can be found under the Account Summary heading.

Here’s a Gadgetwise post with tips on developing a good password (in brief: do not make it a real word, keep it long and mix in an unusual combination of letters and numbers).
http://nyti.ms/gGR3kz

Please contact Customer Support at 1-800-698-4637 or e-mail customercare@nytimes.com with any questions.

Have a safe and happy holiday season.

The New York Times Company
620 Eighth Avenue
New York, NY 10018

Example 1: Twitter saw a rash of promotional tweets for a bogus berry weight-loss product, the result of a security breach thought to be connected to the Gawker break-in.

Example 2: LinkedIn has temporarily disabled the accounts of any users whose email addresses turned up in the public database of hacked accounts. It’s asking those users to reset their passwords.

LinkedIn PR guy Hani Durzy says the move, which started yesterday afternoon, has only affected a “small fraction” of LinkedIn’s 85 million members. He says the social network made the decision proactively, not because it had any evidence that any accounts had been misused;  LinkedIn now has a blog post on the topic.

Some context/math: Gawker has said it has had to notify users of 1.5 million email addresses to change their passwords following the break-in.

If, for argument’s sake, half of those emails belonged to LinkedIn users, that would be less than one percent of the company’s user base. And likely much less: For some reason I have two emails connected to my single LinkedIn account. And both were exposed during Gawkergate, so I got two emails this morning.

No real debacles so far, but that doesn’t mean we won’t see them. Who’s next?

For all the noisy hubbub over should-we-or-shouldn’t-we-publish confidential documents hacked from password-protected accounts of Twitter employees, as well as a Twitter spouse, it is actually pretty simple.

Stolen equals stolen.

But, because this is a “hot” issue and it concerns an even hotter Web 2.0 company–Holy traffic-gooser, Batman!–the debate will surely go on and on, even as the stolen information inevitably leaks its way out.

Still, let’s not pretend what it is and is not.

It is most definitely not, for example, one of those great dramatic moments in journalism.

Thus, comparing the ruminations over whether to publish egregiously obtained information–however true–to the debate over a major event like the New York Times publishing the Pentagon Papers is pathetic.

It is, though, a tempest in a Silicon Valley teapot.

In point of fact, my colleague Peter Kafka, who works from New York, wrote me tonight:

“Was at a fancy schmooze tonight packed with digital media bigwigs: Viacom, NBC, News Corp, plus lots of start-up guys. TwitterGate was on *no one’s* lips. I talked to one guy who has a stake in the company and he pretty much shrugged about it–several people had no idea about it at all. Total non-news.”

It is not, however self-righteously (and pompously) put forth, much of a dilemma.

As the very clever John Gruber of Daring Fireball put it: “What you may ask, is the dilemma, since it is clear that any decent human being would simply refuse to have anything to do with something so lurid?”

Indeed, it is unequivocally wrong to publish documents you know or think were stolen or hacked, because it is aiding and abetting that theft.

In this regard, then, there should be no difference between “Web” journalism and the old-fashioned journalism–acting as if the former gets a “process journalism” (what a crock!) pass at standards and ethics that should be eternal and unwavering, no matter the medium.

And it is a little like pitting “gay” marriage against marriage, in order to create a false dichotomy, designed only to obfuscate the issues.

So, it also isn’t kosher to try to take focus of your own wrongdoing by pointing to other practices, which is almost always an obnoxious reach by the willfully immature.

While comparisons to leaked company documents have been made–and BoomTown knows from leaked corporate memos–this is a lazy-man’s argument, since it simply does not track.

The Twitter docs were stolen from personal accounts, an obvious pilfer, which immediately changes the equation completely.

While you certainly can have a lively debate about whether Yahoos should pass along some widely distributed memo that CEO Carol Bartz penned to the company, it is not even close to the same thing.

And, more to the point, if someone sent me emails jacked from Bartz’s own email account, I would not need even a second to know I would never use such information.

As I tweeted earlier today: A credible source a reporter knows giving accurate info is clearly different from a thief rifling through someone’s sock drawer.

That is especially true when you use material from a person you do not know. For the record: When I post a company memo, for example, I know and check out exactly who’s giving it to me and I don’t publish stuff just because it happens to land in my email box.

And, a minor beef, blaming victims for the theft by saying they have weak or inadequate passwords is also pathetic. It’s kind of like blaming people for being robbed because they had crappy locks.

I suppose there is a point in there, but the real finger of blame should always be firmly pointed at the burglar and those who fence his nicked goods.

That brings me to my final point–thinking you can handle dirty material and then act as if your hands are clean.

How hands get dirty is a concept even my children understand.

And if my kids ever said: “Hey, this stolen stuff is going to get out anyway, so let me be the one to ladle it out as I see fit”–I’d ground them for life.