Editor’s Note: This post was originally published on Seattle 2.0, and imported to GeekWire as part of our acquisition of Seattle 2.0 and its archival content. For more background, see this post.
By Sasha Pasulka
I comment on Gawker.
I’ve had a commenter account on Gawker for years now. I got one long ago, when the comment accounts were invite-only, and, when I mentioned to my friends how much I loved the blog, they responded by asking what a blog was.
Gawker is the reason I started blogging, and the initial inspiration behind the media company I spent the past four-and-a-half years building. The editors at Gawker, Defamer and Jezebel were instrumental in the growth of my web properties, graciously linking to and reprinting and covering the stories my sites broke.
They supported me. I like Gawker. I like the people who work for Gawker.
And I have enormous respect for Nick Denton, the mysterious, demanding, hot-headed publisher who’s spent the past seven years forcing media journalists to think of fresh synonyms for “mysterious,” “demanding,” and “hot-headed” while building an expansive, powerful and profitable online media empire.
This is not, contrary to popular belief, an easy thing to do. Nick Denton is very, very good at what he does, and he has done it better than anyone else has.
He’s made a lot of enemies in the process. His revolving stable of ruthless up-and-coming writers has made even more. (Check out former Gawker editor Emily Gould’s memoir, And the Heart Says Whatever, for a no-holds-barred look at the longer-term emotional impact of Gawker employee-dom.)
A lot of people have been insulted by Gawker. A lot of those people work in media.
So it’s no surprise that media outlets everywhere have jumped on the chance to cover the story of Gawker’s exploited security vulnerabilities, of their seemingly enormous technical failings, of their missed opportunities to recognize that their security had been compromised and that the passwords of some 500,000 of their commenters were about to be exposed online. Of how Gawker’s Icarian hubris, in the end, sent them crashing.
For every New York mediaite who drunkenly said something embarrassing within earshot of a Gawker editor and woke up the next day to find his words splashed on the home page, this is not simply another story of hacker-dom.
Combine that vitriol with the Wikileaks release of classified U.S. cables and recent attacks by Anonymous on the web properties of Wikileaks critics, and this is a huge story.
As such, a number of other web properties have launched into cover-your-ass mode, shutting down accounts linked to email addresses that were involved in the Gawker leak. On Tuesday, my LinkedIn account was shut down. On Wednesday, my Hulu Plus account was shut down. I was emailed about both. I changed my Hulu password and my account was reinstated. I decided that, now presented with the choice, I could live without LinkedIn. (I’d already deleted all the dirty messages my boyfriend and I send each other via LinkedIn. As well as the detailed recommendation he wrote me.)
Blizzard took the same precautions. Gilt Groupe sent me a strongly worded email, urging me to change my password.
The assumption is that I may have used the same passwords for all those accounts, and that they could be accessed with my Gawker password, which is apparently floating around the Internet. And that may or may not be the case. (Seriously, if you find it, email me. I don’t know what it was, and I’d actually like to know what’s been compromised.)
I appreciate the measures these companies are taking. I appreciate the situation they’re in. I wonder about the precedent it sets.
Why did LinkedIn (a service I never use, and I’m pretty sure said I work in the dairy industry and that my career goal is to marry someone hot) and Hulu Plus (which, uh, plays television shows?) shut down my accounts, while Facebook and Google, which must know that they actually possess sensitive information about my life, didn’t even issue a warning? (For the record, I changed the passwords on both, all by myself.)
Does your startup have user accounts driven by email addresses? Have you reviewed the list of cracked Gawker user accounts and notified any customers who might be affected? Have you shut down any accounts?
Are you supposed to? At what point do you make that call?
And how secure are your users’ passwords? A hack of your company’s database may not inspire the media firestorm that Gawker’s been kindling for years, but how closely have you looked at security? Who are you responsible for notifying if the email addresses and passwords are compromised? How quickly can you do this? Aren’t you worried about your users’ Hulu Plus accounts?
If anything, this mess is forcing companies to sit down and talk about how they are going to handle this type of situation. And it’s likely to happen again, probably soon, since hackers are, like, so hot right now.
Does your company have a plan?
