The most visible consequence was that the entire user DB was compromised and the site rooted. But other consequences were that the hackers had cracked a large number of Gawker staff accounts and even had access to internal emails and chats.
I think it feasible that enough internal info was linked to compromise Gawker's staff for years. Some of them probably thought resetting their gawker.com account was enough, and forgetting that that password might have been used elsewhere. Also unclear is how long the hackers were snooping around before the hack was discovered...in that time, they could have download dumps of staff email and gmail accounts.
The upshot: someone out there might have several GB of personal gawker staff info. Ever email yourself your ID number to your email account? Has anyone ever emailed you credentials that you forgot in the heat of the moment? How many times does your social security number appear in your Gmail, thanks to attached billing/app files at you originated from there.
And remember that the hackers had root access to everything at Gawker, even the site source code. How positive is everyone there (remember that the owner's laughable password is one of the main reason that Gawker got crushed) that no key-loggers had been secretly installed and have been running all this time? It doesn't even require anything that sophisticated...all it takes is one security-unsavvy staff member...and this is a staff of mostly culture writers...to do something insecure.
I'm not sure if Mat was employed by Gawker all this time but even if he came after the hack, you can see how one massive data breach can have almost permanent implications within an organization.
That said, what an awful incident and thank you to him for writing a thorough account of how he coped...this is a valuable lesson to everyone and I hope they find the punks who did it.
* To underscore my point, I didn't realize that Honan is recently a former Gawker employee. Yet he had enough credentialed access for an outsider to break into Gizmodo's twitter account. I bet Gizmodo didn't think that an amicable departure of an employee was enough to warrant a password change to Twitter...but if his emails contained the password, then it's an easy hack. If I were Gawker, I would change EVERYTHING...not just gizmodo info, but all of its sister Gawker site credentials. They should assume the worst and that someone out there has all of Honan's emails, including every time he might have been emailed credentials in plaintext
also, Honan's current employer, Wired, should do the same. Change all the keys.
http://www.wired.com/threatlevel/2010/12/gawker-hacked/
The most visible consequence was that the entire user DB was compromised and the site rooted. But other consequences were that the hackers had cracked a large number of Gawker staff accounts and even had access to internal emails and chats.
I think it feasible that enough internal info was linked to compromise Gawker's staff for years. Some of them probably thought resetting their gawker.com account was enough, and forgetting that that password might have been used elsewhere. Also unclear is how long the hackers were snooping around before the hack was discovered...in that time, they could have download dumps of staff email and gmail accounts.
The upshot: someone out there might have several GB of personal gawker staff info. Ever email yourself your ID number to your email account? Has anyone ever emailed you credentials that you forgot in the heat of the moment? How many times does your social security number appear in your Gmail, thanks to attached billing/app files at you originated from there.
And remember that the hackers had root access to everything at Gawker, even the site source code. How positive is everyone there (remember that the owner's laughable password is one of the main reason that Gawker got crushed) that no key-loggers had been secretly installed and have been running all this time? It doesn't even require anything that sophisticated...all it takes is one security-unsavvy staff member...and this is a staff of mostly culture writers...to do something insecure.
I'm not sure if Mat was employed by Gawker all this time but even if he came after the hack, you can see how one massive data breach can have almost permanent implications within an organization.
That said, what an awful incident and thank you to him for writing a thorough account of how he coped...this is a valuable lesson to everyone and I hope they find the punks who did it.
* To underscore my point, I didn't realize that Honan is recently a former Gawker employee. Yet he had enough credentialed access for an outsider to break into Gizmodo's twitter account. I bet Gizmodo didn't think that an amicable departure of an employee was enough to warrant a password change to Twitter...but if his emails contained the password, then it's an easy hack. If I were Gawker, I would change EVERYTHING...not just gizmodo info, but all of its sister Gawker site credentials. They should assume the worst and that someone out there has all of Honan's emails, including every time he might have been emailed credentials in plaintext
also, Honan's current employer, Wired, should do the same. Change all the keys.