

Gawker is in the process of emailing its users about the compromise. - freejoe76
http://kommons.com/questions/395

======
dwynings
"Unfortunately, sending out that many emails is not a simple process."

If Gawker needs help, they can let us know. We finished updating their users ~
10 hours ago.

[http://thenextweb.com/media/2010/12/13/digital-good-samarita...](http://thenextweb.com/media/2010/12/13/digital-good-samaritans-plan-to-warn-gawker-userbase-about-data-hack/)

~~~
jeffclark
It takes a special kind of entrepreneur to knowingly use a list of hacked
email addresses to promote their own service.

"Nice Job" hint.io.

It ended up in everyone's spam folders for a reason.

~~~
dwynings
Jeff,

Knowing that we've saved tons of people's accounts from being vulnerable while
Gawker sat back and did nothing is what I would call a nice job.

Cheers,

Dru

------
wouterinho
They answered:

"We are in the process of sending out emails to all ~1.5m users affected.
Unfortunately, sending out that many emails is not a simple process."

I think MailChimp/Campaign Monitor/SendGrid should be able to handle a 1.5M
volume quite nicely.

~~~
bobobjorn
Indeed, sending 1.5m emails is not a problem. Not even close.

~~~
jonknee
It is when you have never emailed the list before and don't have a
relationship with a mailing service to do it on your behalf. Not a lot of
firms like people walking up with a 1.5m non opted in list that you want to
send to immediately.

~~~
luckyland
Their MailChimp API key was hardcoded into their source, so I think they've
got an established relationship.

------
kmfrk
Being Gawker, I'm sure they'll CC every one of their users in the e-mail.

------
nkassis
I bet they will get blacklisted on Google, Yahoo and Hotmail before they are
done. That's a lot of email.

~~~
ronnier
I've often wondered how companies such as the ones listed in another comment
(MailChimp, Campaign Monitor, SendGrid) avoid being banned, or any company
that sends a large amount of mail. Is it something that just requires you to
build up reputation over time?

~~~
mbthomas
It's a multi-step process: use different IPs for different clients, warm up
the IPs to build good reputation, actively work with ISPs to whitelist the
IPs, enroll in loopback programs with the ISPs, carefully monitor spam
complaint and bounce rates, etc.

Sending a large amount of email to a well established list can actually help
your reputation, since the ISPs see that you send large numbers of emails that
_don't_ get reported as spam -- that makes the (hopefully) few that do not
affect your reputation as much.

------
madmaze
That is a very good question, I am sure Gawker has its hands full trying to
fix their leak and make sure that all its employees change their PW first.

------
emehrkay
Jesus. I just happened to check the reset password with my email address and
found out that I do have an account. I have no idea what my password was, now
I have to reset everything just to be safe.

~~~
rhizome
The good thing is that the password is reset to a random string when you click
"send password", so no further action is necessary if you don't read Gawker
anymore.

~~~
bryanlarsen
except now you can't tell if you used one of your "standard" passwords or not,
so you have to reset your passwords on every web site you've ever used.
Instead of "reset your password", try logging in with your standard passwords,
and hope that nothing works.

~~~
rhizome
True, and I'm finding myself trying to account for every site I've used the
same email address. Impossible, thanks Gawker (and me).

------
kissickas
It's unfortunate that they still have no way to delete your account, because I
wanted to delete mine a year ago and I'm sure they would have a lot fewer
emails to send out.

------
cnlwsu
Might just be trying to underplay it and hope it blows over?

~~~
jacquesm
I think they gave up on that a while ago.

------
jonknee
Not a total excuse, but they don't have email addresses for all their users
(it wasn't a required field).

~~~
jmtame
select * from users where email <> '' and email is not null

~~~
jonknee
I assume you have never had to send email to hundreds of thousands of people
with short notice. There are many ways to get banned in very short order. The
typical route is to use a third party service, but they are almost without
exception set up to not accept a large non opt-in list for immediate mailing.

~~~
Jem
Either you replied to the wrong comment or you're not familiar with database
queries?

~~~
jonknee
I'm perfectly familiar with database queries, but pulling a list of email
addresses doesn't do anything. The problem is what you do when you have the
list of email addresses.

------
rhizome
Then why did I get a (spammy) warning from teamhint@hint.io last night?

It would seem to be possible for Gawker to notify their users more quickly.

~~~
dwynings
Sorry for the spam. Truly not our intentions. We've already deleted the email
addresses from our database.

~~~
rhizome
my apologies for the sharp rhetoric, i only meant to say that SOMEone was able
to get the notice out right quick. i think it's great that you guys did that,
seriously, but i think it was a mistake to forget what the click?Hash idiom is
typically used for.

and really, your actions kinda put a lie to gawker's sloth, so extra props for
that.

~~~
dwynings
Yes, that was our mistake. Sendgrid did that automatically for analytics
purposes, and I thought it was kind of lame once I found out after the fact.

~~~
rhizome
No biggie. It wasn't _actually_ spam so no harm no foul. You did good.

