gawker hacked

Regarding the Hacked Gawker Comment Accounts

Nobody at Gawker Media has told us anything. We only learned about it early this morning, after we returned from a Christmas party and found a mysterious mass email claiming all of Gawker Media’s logins had been hacked and posted online — including those of people who simply commented on Gawker sites.

FIRST: If you currently comment on Wonkette using the Intense Debate system, then you’re not part of this Gawker thing. But if you have commented on Gawker sites — Gizmodo, Lifehacker, Jezebel, etc. — then it’s very likely your info is floating around in some form or another. Again, we’re just reading the news here. Wonkette has not been part of Gawker Media for nearly three years now.

BUT: If you’re an old-timer and used to comment back in the days of Pareene/Layne, way back in 2006-2007, you will want to make sure you’re not using that same username/password combination for other stuff. And if you comment on Gawker sites today, regardless if you comment on Wonkette …. well, we have no idea what anyone should do. We are hoping to hear from Gawker Media today, with some clear instructions for people who commented on those sites in the past or present. Until then, just make sure you aren’t commenting on ANY website or public forum with the same login/password you use for important stuff such as banking.

Jesus christ, the Internet is just awful. All of it.

Related video

Here are the latest news articles about this Gawker hack thing.

Related

About the author

A writer and editor of this website from 2006 to early 2012, Ken Layne is occassionally seen on Twitter and writes small books and is already haunting you from beyond (your) grave.

View all articles by Ken Layne

Hola wonkerados.

To improve site performance, we did a thing. It could be up to three minutes before your comment appears. DON'T KEEP RETRYING, OKAY?

Also, if you are a new commenter, your comment may never appear. This is probably because we hate you.

63 comments

  1. noodlesalad

    They can have my overdrawn credit card numbers, they can have my bankrupted social security number, they can even have my amerobucks, but if they start making up pro-Palin comments in my fake name, it's gonna be time for a reLOVEution.

    1. StillGoinGreen

      I regret that I have but one social security number for them to get turned down when applying for credit. Hey, I do have three credit scores!! However, they don't add up to my age right now, but I STILL GOT'EM!!

  2. cheaphits

    Who ya gonna call?

    If only Gawker had stayed on the friendly side of Ms. Sarah Palin, then her "Interwebz Vengeance Team" would have the perps by now. Look how she beat off ol' "White Boy" Julian's sausage and ruined the life of that poor kid in TN. He got jail time and a fine for guessing Sarah's password, which admittedly, because of Ms. Palin spelling and memory limitations, had to be short and simple.

    But, there seems to nothing this woman can't do – well, except get elected VP, raise a family, win a beauty contest, keep a job, stay at one school long enough to unpack. think,speak or write coherently and avoid being self absorbed.

    1. Redhead

      I don't think it's Palin so much as all their posts about /b/ and 4chan and Anonymous that probably pissed someone with hacking skills off.

      Not that that will stop her from taking credit while simultaneously playing the victim, I'm sure.

  3. arihaya

    Sarah Palin's site got hacked

    Gawker's site got hacked

    is now somehow Gawker is allied with Sarah Palin?

  4. Naked_Bunny

    So my policy of using the same username and password both at my bank and at random websites I never figured I'd come back to after a single comment is perhaps, in retrospect, not the most secure?

    1. Rarian Rakista

      I just use a random password generator for each site and keep remember password on my browser checked. When I lose access I just have the email me the password again and I change it.

    1. natoslug

      I've always found it easiest to keep my password and username the same. That way I always remember it. It's so simple, nobody'd think to check!

    2. prommie

      Hide it in plain sight, thats sure to work, its brilliant! And make you password "password," everyone knows your not supposed to do that, so noone would ever think you did! And noone would ever think of flying airplanes into buildings, its, its unpossible.

  5. Steverino247

    Here's the problem with Internet crime. Nobody in law enforcement (except maybe the United States Secret Service and the FBI, but they're looking for "terrorists" 24/7) understands it and the victim needs to complain to his/her local law enforcement agency when the criminal is sitting in Africa or Bulgaria someplace.

    Example One: A friend's Yahoo! e-mail account is hacked and desperate sounding e-mails go out to his address book begging for money to be wired to the UK. I figure it out and actually call fucking Scotland Yard. Scotland Yard, who can stake out the Western Union address and catch these bastards, instead refers me to the police in my friend's small town that contracts those services to the County Sheriffs. What the fuck are they going to do about that? Send an officer to the UK?! And why is Western Union allowed to stay in business when they are obviously a conduit for illegal scams of all types?

    Example two: Restraining order violations using the Internet. As long as your psycho hose beast ex- never returns to the jurisdiction where the RO was issued, they can do pretty much as they please with your personal information because, again, you have to complain to the local fuzz who have no fucking clue about what an IP address is. You know exactly where the crime in being committed, but that jurisdiction can't do anything. And even if they did do something, it's a misdemeanor and nobody's going to pay to extradite the bitch from Temple, Texas to California for violating a criminal protective order issued out of Vancouver, Washington. Now, if the laws were changed so you could report it to the local law enforcement agency where the harassment was actually being committed, they could stand outside the door and hear the aforementioned psycho hose beast screaming at you, knock on the door and make the arrest. Problem solved.

    1. Naked_Bunny

      why is Western Union allowed to stay in business when they are obviously a conduit for illegal scams of all types?

      Hey, it's not like they are transacting donation payments for Wikileaks.

        1. Naked_Bunny

          I've actually had to use Western Union. Those rates are accurate. And they sent the money to Alaska instead of Arkansas by mistake.

    2. MiniMencken

      Actually, getting the police in any town to do anything is difficult. Their mindset is that anyone approaching them is trying to use them. So, telling an American policeman that the sky is blue only gets him wondering about why you would want him or her to believe such a fantastic thing. Which suggests to them that they should run your license plate or you driver's license number or whatev.

      1. Rarian Rakista

        Friend called in a domestic violence situation a few years back and they arrested him for a bench warrant for 300 dollar parking ticket. Cost him 2000 dollars bail, they kept 1000.

  6. Redhead

    "Until then, just make sure you aren’t commenting on ANY website or public forum with the same login/password you use for important stuff such as banking."

    If that hadn't occurred to you before, you should probably go back to your underground bunker and get off the internets. The internets, they're serious business, man.

  7. One_who_wanders

    And always give a fake date of birth on the intertubes. It is an easy way to make yourself as young as you want to be, or as old.

  8. charlesdegoal

    On other sites I'm sometimes charles2goals, although I prefer not to use this moniker with foreign-language-challenged people who would fail to appreciate the hilarious pun.

    1. ph7

      yes. those who hacked into the Gawker accounts apparently emailed everyone on the stolen account list to let them know it was done. At least they are courteous assholes.

      My problem is I'm sure I uaed on of my common passwords on Gawker, I just have no idea which one – it's been awhile. But I know the old Gawker account info exists, because the hackers have my email address. Unless Gawker offers a way to find out which password we used, I may need to change my password everywhere. Currently, Gawker only permits you to change your password – without logging on – which presumably will wipe out the ability for me to retrieve and know which of my passwords was stolen.

      Or, i can ignore it all, and let the Julian Assange Jrs leak all my Wiki-irrelevance.

      1. Naked_Bunny

        Gawker can't tell you what password you used. They store a hash, according to their FAQ. That also means the hackers can likely only figure it out if your password is short or a dictionary word.

        1. natoslug

          If they do figure it out, I hope they're kind enough to send it along, as it looks like I've got one of those emails sitting in my inbox and I can't remember much about '06/'07, most definitely nothing about my passwords at that time. It would've been nice if they'd included my username from the time as well, as I used to bounce between two or three, depending on how assholish or inane I felt when posting.

      2. Katydid

        I didn't get an e-mail, when did you get it? I thought I had signed up for Gawker, but when I found out they mediated and you had to audition or something I got annoyed and only commented once, and I don't think I ever got posted.

        But either I got wiped out of their system, or not everyone that got hacked got an e-mail.

        1. Naked_Bunny

          It showed up around 6:30 AM central standard time. Subject: "Your account & password Have been Compromised". It went to an old email address that I only used for Wonkette (and don't use for anything these days).

          I remember the auditioning thing.

          1. Katydid

            Thanks. I didn't get an e-mail, but the whole thing reminded me to change all of my passwords anyway, even though they were all different. Now I don't remember a damn one of them, and I just did it. I'm not signing up for one more goddammed thing on these internets.

      3. Guppy06

        OK, long story short, there are two lists floating around:

        List 1: Every Gawker's handle, associated with their email address.
        List 2: People from List 1 with weak passwords, with said password listed.

        Right now, a little over 50% of the people on List 1 also show up on List 2. List 2 will only get longer as time goes on. Infinite number of code monkeys with typewriters means it'll probably be 100% by this time next month.

        You appear on List 2, ph7. Now, the Bad Guys are spreading this information all over the place and/or using it maliciously as we speak. However, the Good Guys (including, for our intents, Gawker themselves) don't want to get anywhere near helping people find out what their old password is, because that has "legal clusterfuck ending with pound-me-in-the-ass jail time" written all over it. It's one heck of a twist, I know.

        If you really want to know what your old password is, you'll pretty much have to go get the file yourself.

        But, really, if your password on Gawker sucks, odds are your password on other sites suck as well. Your best bet is to just go change them all. But leave your Gawker password untouched: user accounts aren't the only thing that was compromised.

        I personally suggest using a phrase or other mnemonic as a starting point for creating more secure passwords. By way of example:

        "big sale on TruckNutz"
        "big $ale 0n TruckNutz" (changing letters to numbers/symbols)
        "b$0TN" (using the first "letter" of each word)
        "ZoMgb$0TN" (throwing in "ZOMG" for padding)

        Don't use this, think up your own.

    2. Monsieur_Grumpe

      Yeah, I got one sent to an old email address I no longer use. Such polite hackers. I should have them over for my salmonella stew.

  9. horsedreamer_1

    This is what happens when you get in bed with facebook.

    facebookCONNECT, indeed. Mark Zuckerberg is a little bitch, I tell ye.

  10. V572625694

    Ha ha, more evidence that the Internet is EVIL, a meme the media have been propping up since the first two computers were linked together. Remember there was even a Sandra Bullock movie about a password that could kill you or some such?

    This is the advantage of having an incomprehensible screen name. I have to look it up every time myself.

  11. Guppy06

    "you will want to make sure you’re not using that same username/password combination for other stuff."

    Thank you, Password Hasher.

    So all they can really do is log into my old Gawker account, which wouldn't do them any good, anyway, as I got banhammered.

    1. HuddledMass

      Oh good work, Guppy06 – I never get banhammered (except that time Ken Layne freaked out and banned everyone. Good times.)

      I only hope the hacker who poses as me on Gawker gets banhammered, I need the cred.

  12. doxastic

    Classy. I go to change my password and it just tells me that the change failed. Why? Who knows! And there's no prompt for mailing that fucker. Maybe I should just google the GD thing, now that the world knows it…

    1. Ken Layne

      That's exactly what it told me, after I posted this and tried that same thing, and then went to bed, at 5 a.m., ready to weep.

      I was somewhat relieved to find my dozens of old Gawker administrative and editor logins no longer exist. I guess someone at Gawker IT actually took the trouble to purge Wonkette-related account info in the three years since Wonkette left Gawker. That I'm astounded by this apparent bit of housecleaning should tell you all you need to know about Gawker IT.

  13. glamourdammerung

    If we are going to start having public service announcements here, there should at least be a sodomy reference.

  14. HempDogbane

    The hint email appears to be written using the Teabagger Stylebook. Unnecessary caps are a cue to hear the message in one's head as if it were from a shrieking voice. Mine came in just as I woke. Barely needed to blow my nose when I got up. Everything was already loosened up.

  15. Cicada

    I was so creeped out when Facebook started linking to every site I visited that I changed all of my commenting emails to junk accounts long ago. So..er..thanks Mark Zuckerberg?

  16. ttommyunger

    Thank you for the warning, but I have had a foolproof security system in place for years: no money, no credit and a public reputation that would make Manson blush. Tommy's just another word for nothing left to lose.

  17. transfatz

    I hereby refudicate everything bad I ever said about Republicans, Sarah Palin and brood, George Bush, scooter people and Glenn Beck. I love all these people now and agree with everything they say and do.
    Shit, I've been hacked. (changes password)
    Now where were we? Oh yeah, sodomy.

Comments are closed.