Oh, Sure, NOW You Tell Us: Gawker Apology Email To Users Goes Out Two Days Later
I am annoyed with Gawker. I have had other things to do over the past few days besides going to various sites on the Internet and resetting my stupid passwords. Because, you see, I’m one of the people whose email and password information was revealed in the Gawker hack. I had a busy weekend so I found out about the Gawker hack the old-fashioned way: via Twitter, off the numerous early stories from Mediaite. It wasn’t until 1 am on Monday morning, however, that I turned my attention to getting up to speed. Then I read this sentence: “You should change your Gawker password and on any other sites on which you’ve used the same passwords.”
What. The. Eff. I suspect I am like most people on the Internet in that I sign up for all sorts of sites and frequently use the same passwords. As it happens, I have a few stock passwords, including the one published in the Gawker hack. I’ve since changed all important passwords (i.e. email, Facebook, Foursquare, Twitter, Flickr, anything connected to credit cards) and have been randomly hitting websites I once used to see what digital detritus I might have left behind. (A happy moment: I confirmed that I did NOT ever sign up for Match.com.) Yesterday, 4 friends emailed me to let me know they’d found my password easily in the Gawker dump; no doubt others have too. Nothing seems amiss but yeah, this has been an annoying waste of my time, with a dash of nervousness about anything I might have forgotten.
Which is why I was especially annoyed to get this email, last night, at 8:59 p.m. “Gawker Comment Accounts Compromised — Important.” Oh really? Important enough to send TWO EFFING DAYS LATER? Because as far as I can tell Gawker was aware that things were amiss on Saturday, and aware that things were really amiss on Sunday, early on. And while no doubt sending an email to your entire database is cumbersome, SO IS CHANGING EVERY SINGLE ONE OF YOUR GODDAMN PASSWORDS ONLINE.
Oh and I loved this too: “We’re also committed to communicating openly and frequently with you to make sure you understand what has happened, how it may or may not affect you, and what we’re doing to fix things.” Yay! I feel so communicated to! Let’s say I was one of those people who *don’t* live on the Internet, who maybe have other, offline lives, as I pretended to this weekend — what of them and their passwords? What about people who were relying on the anonymity that Gawker’s system allows, and purported to protect? Let’s say they were the 123456 types? Fine, it’s a silly password but is that punishable by having it published? It’s not, obviously. Neither is naming way too many online passwords after your law-school boyfriend. (Fine, I get it, proper names are bad passwords. In my defense, I’ve dated a Courtland and a Gawain.) But all of that is beside the point. The point is, this was Gawker’s breach and Gawker’s users whose trust and security was compromised. Gawker should have moved MUCH faster to close this loop.
The way-late email is below. And below that, “Wicked Little Town” and “Midnight Radio” from Hedwig & The Angry Inch, because I want to restore my happy associations with the word “Gnosis.” It’s okay, Gawker, you’re still shining like the brightest star – just next time, lift up your hands a little faster to get our attention. If you’ve got some sugar for me, Sugar Daddy bring it home. Okay I’m done now. Ladies and Gentlemen, Hedwig!
**Update: The “two days” metric is based on the breach being made public via the Gizmodo tweets on Saturday afternoon, per Joe Coscarelli.
———- Forwarded message ———-
From: Gawker Media <firstname.lastname@example.org>
Date: Mon, Dec 13, 2010 at 8:59 PM
Subject: Gawker Comment Accounts Compromised — Important
This weekend we discovered that Gawker Media’s servers were compromised,
resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel,
io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name
and password associated with your comment account were released on the
internet. If you’re a commenter on any of our sites, you probably have
We understand how important trust is on the internet, and we’re deeply
sorry for and embarrassed about this breach of security. Right now we
are working around the clock to improve security moving forward. We’re
also committed to communicating openly and frequently with you to make
sure you understand what has happened, how it may or may not affect you,
and what we’re doing to fix things.
This is what you should do immediately: Try to change your password in
the Gawker Media Commenting System. If you used your Gawker Media
password on any other web site, you should change the password on those
sites as well, particularly if you used the same username or email with
that site. To be safe, however, you should change the password on those
accounts whether or not you were using the same username.
We’re continually updating an FAQ (http://lifehac.kr/eUBjVf) with more
information and will continue to do so in the coming days and weeks.
Wicked Little Town
Gawker Hacked [Mediaite]
Have a tip we should know? email@example.com