Forbes – The Real Lessons Of Gawker’s Security Mess
Despite this, they do not really seem to be acknowledging the scale of what happened. They still try to put some blame back on users, suggesting that if they had a weak password they might be compromised. Well, that really does not make much of a difference when you expose the entire database table and have way too much faith in the 34-year-old encryption algorithm reported to be used to safeguard the data. In truth, they had over a month to find this problem but diagnosed the early warning signs in November improperly, were very obviously breached (and told they were breached by others) on Saturday, and it still took until Monday afternoon to say anything to their user base. And in the meantime their representatives were releasing statements via Twitter up until Saturday evening that were either partially or totally incorrect.
via Forbes – The Real Lessons Of Gawker’s Security Mess. Basically, whatever bad or stupid thing Gawker could have done, they did, including ignoring the problem. Perhaps their lowest moment comes when their users’ accounts are posted on an internet forum and their response is, well, who cares, it’s “just the peasants”.
In what is perhaps a good example of “don’t write it if you wouldn’t want someone to read it”, this screenshot from the attackers showed up on thenextweb.com, detailing a conversation from July 22nd between internal Gawker employees noting that usernames and passwords for Gawker users had shown up on 4chan. In the chat, Gawker’s Hamilton Nolan, after hearing that it is just Gawker users who have been compromised, remarks “oh, well. unimportant”. Gawker’s Richard Lawson wants to know if the breach is limited to “just the peasants?”
Hopefully this is another in the long list of reminders to use strong passwords and, perhaps more importantly, to use a tool like 1Password to generate a unique random password for every site you log into, so that one site’s breach does not expose your accounts elsewhere.