Gawker Media seems to be back to normal for the moment (Lady Gaga IS still on the lookout for that unruly disco stick), minus the bar at the top of the homepage that says “Important: Gawker Commenting Accounts Compromised, Change Your Passwords. (more info)” and a post entitled “Gawker Security Breach: We’re Here to Help.” In addition, Nick Denton was “hanging out in crosstalk” today to answer commenter questions.
Nick Denton 11:01 AM
Hey, so this is me. (The real me.) I’ll be hanging out in #crosstalk today. I don’t have many technical answers beyond what we’ve already said in the FAQ. But I do want to tell you how sorry we are. I can also reassure those who worry about the role of commenters in the new Gawker. And I’m here for my beating.
Among the appropriately snarky commenter retorts (misslinda 11:16 AM @Nick Denton: I would give you a beating but I’m afraid you might enjoy it), and the photo above of which Denton said “Okay, here you go. That’s me on the left and Tom Plunkett, our CTO, on the right. We’re looking appropriately glum. It didn’t take any acting,” there are a few actual answers to actual questions about WTF happened.
We really weren’t sure until 4PM EST on Sunday that the user database had been compromised. We posted a statement and warning within an hour of that. And we’ve been doing our best since then to communicate in the Lifehacker FAQ and responses in the comments. But I guess we were somewhat in shock earlier on Sunday and didn’t acknowledge the worst-case scenario until it was upon us. I’m so very sorry. We’re trying to make up now for our earlier failings.
On further clarification of the response timeframe, given the Twitter hack that happened on Saturday:
We thought internal email had been compromised — and that hackers had got access to some internal accounts such as Twitter, obviously. (You know we didn’t post that note on Twitter, yes?) It was only on Sunday afternoon that we realized the commenter database had indeed been copied — and simple passwords cracked. We posted immediately on the sites.
Will the “peasants” be mollified? Remains to be seen…
NefariousNewt 02:07 PM
@Nick Denton: Baloney. It could have been done with a ten-line Perl script. That you didn’t have that capacity at the ready shows just another facet of your short-sightedness.
And don’t think a cute picture with a white cardboard sign makes up for a damned thing. You can snow a lot of people under, but I’m not so easily placated. You drive Gawker and its sites like a New York City taxi cab and it’s a wonder this didn’t happen sooner. I’ve watched your staff break the site a hundred times, and despaired that anyone at Gawker knew the first thing about extensible, large-scale programming.
I’m pissed, more pissed than many, because IT is my livelihood, and it’s events like this that screw up everything. I’ve worked with personal data my whole life, and if I’d made a mistake this egregious, I’d have drummed myself out of the business. Data is like uranium — you handle it carefully, keep it contained, and make sure you know where it goes. You’ve been handling it like Silly Putty.
Denton’s response: “Yes, this was a big wake-up call. We’ve been too focused on new expansion and not enough on shoring up our existing systems.”
Via the New York Post, Denton is expected to meet with the FBI tomorrow about the incident.
Separately, Slate has this handy widget that lets you enter your email to see if your account was one of the 1.25 million accounts hacked and now possibly being used to tweet about acai berries (Jesus). They promise “we won’t be storing these addresses or using them for any other purpose.”