GAWKER HACKED  5:14 am December 13, 2010

Regarding the Hacked Gawker Comment Accounts

by Ken Layne

Nobody at Gawker Media has told us anything. We only learned about it early this morning, after we returned from a Christmas party and found a mysterious mass email claiming all of Gawker Media’s logins had been hacked and posted online — including those of people who simply commented on Gawker sites.

FIRST: If you currently comment on Wonkette using the Intense Debate system, then you’re not part of this Gawker thing. But if you have commented on Gawker sites — Gizmodo, Lifehacker, Jezebel, etc. — then it’s very likely your info is floating around in some form or another. Again, we’re just reading the news here. Wonkette has not been part of Gawker Media for nearly three years now.

BUT: If you’re an old-timer and used to comment back in the days of Pareene/Layne, way back in 2006-2007, you will want to make sure you’re not using that same username/password combination for other stuff. And if you comment on Gawker sites today, regardless if you comment on Wonkette …. well, we have no idea what anyone should do. We are hoping to hear from Gawker Media today, with some clear instructions for people who commented on those sites in the past or present. Until then, just make sure you aren’t commenting on ANY website or public forum with the same login/password you use for important stuff such as banking.

Jesus christ, the Internet is just awful. All of it.

Here are the latest news articles about this Gawker hack thing.

 


{ 63 comments }

blogslut December 13, 2010 at 5:20 am

You're right, Ken. Maybe Prince is right too. Maybe it's all over and we're just dancing at the wake.

noodlesalad December 13, 2010 at 5:37 am

They can have my overdrawn credit card numbers, they can have my bankrupted social security number, they can even have my amerobucks, but if they start making up pro-Palin comments in my fake name, it's gonna be time for a reLOVEution.

StillGoinGreen December 13, 2010 at 12:55 pm

I regret that I have but one social security number for them to get turned down when applying for credit. Hey, I do have three credit scores!! However, they don't add up to my age right now, but I STILL GOT'EM!!

cheaphits December 13, 2010 at 6:01 am

Who ya gonna call?

If only Gawker had stayed on the friendly side of Ms. Sarah Palin, then her "Interwebz Vengeance Team" would have the perps by now. Look how she beat off ol' "White Boy" Julian's sausage and ruined the life of that poor kid in TN. He got jail time and a fine for guessing Sarah's password, which admittedly, because of Ms. Palin spelling and memory limitations, had to be short and simple.

But, there seems to be nothing this woman can't do – well, except get elected VP, raise a family, win a beauty contest, keep a job, stay at one school long enough to unpack, think, speak or write coherently and avoid being self-absorbed.

Redhead December 13, 2010 at 7:33 am

I don't think it's Palin so much as all their posts about /b/ and 4chan and Anonymous that probably pissed someone with hacking skills off.

Not that that will stop her from taking credit while simultaneously playing the victim, I'm sure.

OhHellToTheNo December 13, 2010 at 9:20 pm

I'm willing to blame Julian Assange's ego for setting this whole thing off.

arihaya December 13, 2010 at 6:12 am

Sarah Palin's site got hacked

Gawker's site got hacked

is now somehow Gawker is allied with Sarah Palin?

Naked_Bunny December 13, 2010 at 6:53 am

Crap, did Gawker get hacked by someone figuring out where Newell went to college?

One_who_wanders December 13, 2010 at 7:46 am

Newell went to college?

Naked_Bunny December 13, 2010 at 8:08 am

Indeed, his Harvard education has served his career of making Internet poo jokes well.

Monsieur_Grumpe December 13, 2010 at 9:09 am

As everyone who is anyone knows, Harvard poop jokes don’t stink.

Naked_Bunny December 13, 2010 at 6:52 am

So my policy of using the same username and password both at my bank and at random websites I never figured I'd come back to after a single comment is perhaps, in retrospect, not the most secure?

Rarian Rakista December 14, 2010 at 4:14 am

I just use a random password generator for each site and keep "remember password" on my browser checked. When I lose access I just have them email me the password again and I change it.

Naked_Bunny December 13, 2010 at 7:03 am

I'll be deeply embarrassed if the hackers figure out my password while I'm unable to do so.

natoslug December 13, 2010 at 9:02 am

I've always found it easiest to keep my password and username the same. That way I always remember it. It's so simple, nobody'd think to check!

prommie December 13, 2010 at 11:21 am

Hide it in plain sight, that's sure to work, it's brilliant! And make your password "password," everyone knows you're not supposed to do that, so no one would ever think you did! And no one would ever think of flying airplanes into buildings, it's, it's unpossible.

Steverino247 December 13, 2010 at 7:33 am

Here's the problem with Internet crime. Nobody in law enforcement (except maybe the United States Secret Service and the FBI, but they're looking for "terrorists" 24/7) understands it and the victim needs to complain to his/her local law enforcement agency when the criminal is sitting in Africa or Bulgaria someplace.

Example One: A friend's Yahoo! e-mail account is hacked and desperate sounding e-mails go out to his address book begging for money to be wired to the UK. I figure it out and actually call fucking Scotland Yard. Scotland Yard, who can stake out the Western Union address and catch these bastards, instead refers me to the police in my friend's small town that contracts those services to the County Sheriffs. What the fuck are they going to do about that? Send an officer to the UK?! And why is Western Union allowed to stay in business when they are obviously a conduit for illegal scams of all types?

Example two: Restraining order violations using the Internet. As long as your psycho hose beast ex- never returns to the jurisdiction where the RO was issued, they can do pretty much as they please with your personal information because, again, you have to complain to the local fuzz who have no fucking clue about what an IP address is. You know exactly where the crime is being committed, but that jurisdiction can't do anything. And even if they did do something, it's a misdemeanor and nobody's going to pay to extradite the bitch from Temple, Texas to California for violating a criminal protective order issued out of Vancouver, Washington. Now, if the laws were changed so you could report it to the local law enforcement agency where the harassment was actually being committed, they could stand outside the door and hear the aforementioned psycho hose beast screaming at you, knock on the door and make the arrest. Problem solved.

Naked_Bunny December 13, 2010 at 8:01 am

"why is Western Union allowed to stay in business when they are obviously a conduit for illegal scams of all types?"

Hey, it's not like they are transacting donation payments for Wikileaks.

V572625694 December 13, 2010 at 9:42 am

Ever see WU's ads on the teevee? They say they'll send $50 to somebody for only $10. What a deal!

Naked_Bunny December 13, 2010 at 10:33 am

I've actually had to use Western Union. Those rates are accurate. And they sent the money to Alaska instead of Arkansas by mistake.

petehammer December 13, 2010 at 11:37 am

If I give you $20, will you send me $100?

V572625694 December 13, 2010 at 11:40 am

You bet! Send it right now!

MiniMencken December 13, 2010 at 3:28 pm

Actually, getting the police in any town to do anything is difficult. Their mindset is that anyone approaching them is trying to use them. So, telling an American policeman that the sky is blue only gets him wondering about why you would want him or her to believe such a fantastic thing. Which suggests to them that they should run your license plate or your driver's license number or whatev.

Rarian Rakista December 14, 2010 at 4:17 am

Friend called in a domestic violence situation a few years back and they arrested him for a bench warrant for 300 dollar parking ticket. Cost him 2000 dollars bail, they kept 1000.

Redhead December 13, 2010 at 7:35 am

"Until then, just make sure you aren’t commenting on ANY website or public forum with the same login/password you use for important stuff such as banking."

If that hadn't occurred to you before, you should probably go back to your underground bunker and get off the internets. The internets, they're serious business, man.

One_who_wanders December 13, 2010 at 7:44 am

And always give a fake date of birth on the intertubes. It is an easy way to make yourself as young as you want to be, or as old.

Come here a minute December 13, 2010 at 7:54 am

I'm using password123 — now don't be a jerk and steal it.

Naked_Bunny December 13, 2010 at 8:39 am

You're supposed to store your password in a secure, encrypted form, like "321drowssap".

jim89048 December 13, 2010 at 4:11 pm

Mine's *****!*. Nobody ever expects the exclamation point!

Comrade PhysioProf December 13, 2010 at 7:58 am

Is it allowed to publish a post on Wonkette that doesn't make fun of anyone?

HistoriCat December 13, 2010 at 9:06 am

Ken has graciously set this up for us and now we need to do the "make fun" part.

I got nothing.

charlesdegoal December 13, 2010 at 8:00 am

On other sites I'm sometimes charles2goals, although I prefer not to use this moniker with foreign-language-challenged people who would fail to appreciate the hilarious pun.

Naked_Bunny December 13, 2010 at 8:03 am

Anyone else get a suspicious email from teamhint@hint.io ?

ph7 December 13, 2010 at 8:24 am

yes. those who hacked into the Gawker accounts apparently emailed everyone on the stolen account list to let them know it was done. At least they are courteous assholes.

My problem is I'm sure I used one of my common passwords on Gawker, I just have no idea which one – it's been awhile. But I know the old Gawker account info exists, because the hackers have my email address. Unless Gawker offers a way to find out which password we used, I may need to change my password everywhere. Currently, Gawker only permits you to change your password – without logging on – which presumably will wipe out the ability for me to retrieve and know which of my passwords was stolen.

Or, I can ignore it all, and let the Julian Assange Jrs leak all my Wiki-irrelevance.

Naked_Bunny December 13, 2010 at 8:46 am

Gawker can't tell you what password you used. They store a hash, according to their FAQ. That also means the hackers can likely only figure it out if your password is short or a dictionary word.

natoslug December 13, 2010 at 9:09 am

If they do figure it out, I hope they're kind enough to send it along, as it looks like I've got one of those emails sitting in my inbox and I can't remember much about '06/'07, most definitely nothing about my passwords at that time. It would've been nice if they'd included my username from the time as well, as I used to bounce between two or three, depending on how assholish or inane I felt when posting.

Katydid December 13, 2010 at 10:41 am

I didn't get an e-mail, when did you get it? I thought I had signed up for Gawker, but when I found out they mediated and you had to audition or something I got annoyed and only commented once, and I don't think I ever got posted.

But either I got wiped out of their system, or not everyone that got hacked got an e-mail.

Naked_Bunny December 13, 2010 at 11:07 am

It showed up around 6:30 AM central standard time. Subject: "Your account & password Have been Compromised". It went to an old email address that I only used for Wonkette (and don't use for anything these days).

I remember the auditioning thing.

Katydid December 13, 2010 at 11:20 am

Thanks. I didn't get an e-mail, but the whole thing reminded me to change all of my passwords anyway, even though they were all different. Now I don't remember a damn one of them, and I just did it. I'm not signing up for one more goddammed thing on these internets.

Guppy06 December 13, 2010 at 6:44 pm

Slate has a widget to check to see if your account's password has been cracked here:
http://www.slate.com/id/2277768/

I just checked ph7, and it says yours has been cracked.

I'll see if I can dig up more tech-y stuff.

Guppy06 December 13, 2010 at 10:10 pm

OK, long story short, there are two lists floating around:

List 1: Every Gawker's handle, associated with their email address.
List 2: People from List 1 with weak passwords, with said password listed.

Right now, a little over 50% of the people on List 1 also show up on List 2. List 2 will only get longer as time goes on. Infinite number of code monkeys with typewriters means it'll probably be 100% by this time next month.

You appear on List 2, ph7. Now, the Bad Guys are spreading this information all over the place and/or using it maliciously as we speak. However, the Good Guys (including, for our intents, Gawker themselves) don't want to get anywhere near helping people find out what their old password is, because that has "legal clusterfuck ending with pound-me-in-the-ass jail time" written all over it. It's one heck of a twist, I know.

If you really want to know what your old password is, you'll pretty much have to go get the file yourself.

But, really, if your password on Gawker sucks, odds are your password on other sites sucks as well. Your best bet is to just go change them all. But leave your Gawker password untouched: user accounts aren't the only thing that was compromised.

I personally suggest using a phrase or other mnemonic as a starting point for creating more secure passwords. By way of example:

"big sale on TruckNutz"
"big $ale 0n TruckNutz" (changing letters to numbers/symbols)
"b$0TN" (using the first "letter" of each word)
"ZoMgb$0TN" (throwing in "ZOMG" for padding)

Don't use this, think up your own.

Monsieur_Grumpe December 13, 2010 at 9:21 am

Yeah, I got one sent to an old email address I no longer use. Such polite hackers. I should have them over for my salmonella stew.

jus_wonderin December 13, 2010 at 12:02 pm

LOL. Just get them out of the house before the "side effects" begin.

xChauncey December 13, 2010 at 2:00 pm

According to a post on RWW, Hint's email was a (maybe tacky, but well-meaning) "white knight" sorta thing, as well as one from an Anonymous Steve.
http://www.readwriteweb.com/archives/twitter_spam

Clancy_Pants December 13, 2010 at 8:52 am

Maybe now, after Wikileaks posts my online porn habits, I will finally get the help I so desperately need.

horsedreamer_1 December 13, 2010 at 9:00 am

This is what happens when you get in bed with facebook.

facebookCONNECT, indeed. Mark Zuckerberg is a little bitch, I tell ye.

V572625694 December 13, 2010 at 9:46 am

Ha ha, more evidence that the Internet is EVIL, a meme the media have been propping up since the first two computers were linked together. Remember there was even a Sandra Bullock movie about a password that could kill you or some such?

This is the advantage of having an incomprehensible screen name. I have to look it up every time myself.

not that Dewey December 13, 2010 at 11:05 am

That's not your SSN? Oops.

V572625694 December 13, 2010 at 11:34 am

Victoria’s Secret web site password, echtualleh.

Guppy06 December 13, 2010 at 9:48 am

"you will want to make sure you’re not using that same username/password combination for other stuff."

Thank you, Password Hasher.

So all they can really do is log into my old Gawker account, which wouldn't do them any good, anyway, as I got banhammered.

HuddledMass December 14, 2010 at 11:52 am

Oh good work, Guppy06 – I never get banhammered (except that time Ken Layne freaked out and banned everyone. Good times.)

I only hope the hacker who poses as me on Gawker gets banhammered, I need the cred.

Guppy06 December 13, 2010 at 10:06 am

Speaking of internet terrorismz, if Anonymous is the IRA, would 4chan or the EFF be Sinn Fein?

horsedreamer_1 December 13, 2010 at 10:14 am

4chan is more a Carlos the Jackal, no? No real agenda, just wants to have some fun.

doxastic December 13, 2010 at 10:18 am

Classy. I go to change my password and it just tells me that the change failed. Why? Who knows! And there's no prompt for mailing that fucker. Maybe I should just google the GD thing, now that the world knows it…

Ken Layne December 13, 2010 at 12:12 pm

That's exactly what it told me, after I posted this and tried that same thing, and then went to bed, at 5 a.m., ready to weep.

I was somewhat relieved to find my dozens of old Gawker administrative and editor logins no longer exist. I guess someone at Gawker IT actually took the trouble to purge Wonkette-related account info in the three years since Wonkette left Gawker. That I'm astounded by this apparent bit of housecleaning should tell you all you need to know about Gawker IT.

glamourdammerung December 13, 2010 at 10:29 am

If we are going to start having public service announcements here, there should at least be a sodomy reference.

Doglessliberal December 13, 2010 at 11:08 am

How do we find out if we commented on Wonkette at the time in question?

HempDogbane December 13, 2010 at 11:22 am

The hint email appears to be written using the Teabagger Stylebook. Unnecessary caps are a cue to hear the message in one's head as if it were from a shrieking voice. Mine came in just as I woke. Barely needed to blow my nose when I got up. Everything was already loosened up.

Cicada December 13, 2010 at 12:00 pm

I was so creeped out when Facebook started linking to every site I visited that I changed all of my commenting emails to junk accounts long ago. So..er..thanks Mark Zuckerberg?

ttommyunger December 13, 2010 at 1:34 pm

Thank you for the warning, but I have had a foolproof security system in place for years: no money, no credit and a public reputation that would make Manson blush. Tommy's just another word for nothing left to lose.

Manhattan123 December 13, 2010 at 3:36 pm

SARAH PALIN SUCKS MONKEY COCK! Oooh someone stole my password.

Radiotherapy December 13, 2010 at 3:50 pm

This won't affect my "p" value…will it?

transfatz December 13, 2010 at 9:36 pm

I hereby refudicate everything bad I ever said about Republicans, Sarah Palin and brood, George Bush, scooter people and Glenn Beck. I love all these people now and agree with everything they say and do.
Shit, I've been hacked. (changes password)
Now where were we? Oh yeah, sodomy.
