Monday 13 December 2010

FAQ: Compromised Commenting Accounts on Gawker Media

This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you're a commenter on any of our sites, you probably have several questions.

We understand how important trust is on the internet, and we're deeply sorry for and embarrassed about this breach of security—and of trust. We're working around the clock to ensure our security (and our commenters' account security) moving forward. We're also committed to communicating openly and frequently with you to make sure you understand what has happened, how it may or may not affect you, and what we're doing to make sure this never happens again.

We'll continue to update this FAQ as things develop.

1) How do I know if my password was hacked?
2) What if I logged in using Facebook Connect? Was my password compromised?
3) What if I linked my Twitter account with my Gawker Media account? Was my Twitter password compromised?
4) Should I be concerned about my other online accounts? What if I used that password on other sites?
5) How can I delete my account?
6) How do I change my password?
7) I don't know my Gawker account password, and recover via email didn't work. What's the deal?
8) Who was responsible for the hack? How did it happen?
9) How are you notifying those whose details were compromised?
10) My password isn't working, and I didn't have an email associated with my account. What do I do?
11) What are you doing to ensure this doesn't happen in the future?

1) How do I know if my password was hacked?
If you've registered an account on any Gawker Media web site (that includes Gawker, Gizmodo, Jalopnik, Jezebel, Kotaku, Lifehacker, Deadspin, io9, or Fleshbot), and you didn't log in using Facebook Connect, then it's best to assume that your username and password were included among the leaked data.

Passwords in our database are encrypted (i.e., not stored in plain text), but they're still potentially vulnerable to hackers. You should immediately change the password on your account, and if you used that password on any other web site, you should change your passwords on all of those accounts as well.

2) What if I logged in using Facebook Connect? Was my password compromised?
No. We never stored passwords of users who logged in using Facebook Connect.

3) What if I linked my Twitter account with my Gawker Media account? Was my Twitter password compromised?
No. We never stored Twitter passwords from users who linked their Twitter accounts with their Gawker Media account. However, if you used the same password for your Twitter account as you did on your Gawker Media account, you should change it immediately.

4) Should I be concerned about my other online accounts? What if I used that password on other sites?
If you used your Gawker Media password on any other web site, you should change the password on those sites as well, particularly if you used the same username or email with that site. To be safe, however, you should change the password on those accounts whether or not you were using the same username.

5) How can I delete my account?
We understand how important trust is on the web, and some of you may wish to delete your Gawker Media account. Currently account deletion is not available. We will, however, give you this option as soon as possible.

6) How do I change my password?
To change your password, log into your account from any Gawker Media site and 1) click on your username on the top right of the page, then 2) click the password link on your profile page. Enter your current password, a new password (and confirmation), and then click Save.

7) I don't know my Gawker account password, and recover via email didn't work. What's the deal?
We had shut down email services on some servers earlier today, but service should now be restored. Please try again and make sure you check your spam filters.

8) Who was responsible for the security breach? How did it happen?
A group calling itself Gnosis has claimed credit for hacking our servers.

9) How are you notifying those whose details were compromised?
We are in the process of notifying those users who associated an email address with their Gawker accounts.

10) My password isn't working, and I didn't have an email associated with my account. What do I do?
We are still working through possible ways to deal with this situation. We'll be sure to update this FAQ once we come up with a good solution.

11) What are you doing to ensure this doesn't happen in the future?
We're bringing in an independent security firm to improve security across our entire infrastructure. Additionally, we will continue to work with independent auditors to ensure we maintain a reliable level of security, as well as the processes necessary to ensure we maintain a safe environment for our commenters.
