
This is serious. I just checked out the torrent with the text file of the 200,000 cracked passwords. I searched for an @me.com account and logged into someone's Apple account. It was possible for me to order stuff via their account. I quickly emailed the guy to let him know to change his password. Gawker needs to take responsibility for this situation and email everyone in their database.

Gawker posted password change guidance on its website, but no mention is made of having attempted to directly contact those affected, so I'll assume they didn't. I don't know who's handling this for them.

We have the list. Anyone with a MailChimp account want to be a good samaritan?

Edit: I'll certainly help, but I and my girlfriend, Stella Artois, have been lamenting the embarrassing loss our Jets suffered this evening, so I figured I'd float the idea for vetting first :)

Edit 2: Wow: I know a lot of people on this list. I'm letting them know, and recommend that others scan on behalf of friends and family as well. I've been told that there has not been active communication; wish gawker would confirm either way.

Mailchimp doesn't allow sends to a third party list. I'd think this requires a special wink wink nudge nudge exception.

There are a ton of corporate networks that could be compromised because of this:

A quick search shows staff email addresses at techcrunch, apple, microsoft, google, goldman sachs, etc.
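A defender-side version of the scan the posts above describe: given a dump, pull out only the addresses under domains you administer so those users can be told to reset their passwords, and never keep the credential column at all. This is an added example, not code from anyone in the thread; the `email,hash` layout of the dump and every address and hash value in the sample are constructed assumptions for the demonstration.

```python
"""Scan a breach dump for addresses in domains you are responsible for, so
those users can be told to reset passwords everywhere they reused them.
The credential column is never read into the result: a notification
workflow only needs the addresses."""

import re
from collections import defaultdict

# Constructed sample dump lines. The "email,hash" layout is an assumption
# made for this example, not the real dump's format; every address and
# hash value here is made up.
SAMPLE_DUMP = """\
alice@example-corp.com,$1$salt$hashhashhashhashhashha
bob@mail.example,$1$salt$hashhashhashhashhashhb
carol@EXAMPLE-CORP.COM,$1$salt$hashhashhashhashhashhc
this line is garbage and should be skipped
dave@sub.example-corp.com,$1$salt$hashhashhashhashhashhd
alice@example-corp.com,$1$salt$hashhashhashhashhashha
"""

# Deliberately loose address check: enough to separate addresses from junk
# lines without rejecting unusual but valid local parts.
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")


def parse_dump_addresses(dump_text):
    """Return the set of distinct, lower-cased addresses found in the dump.

    Only the first comma-separated field is looked at; anything after it
    (the credential material) is dropped immediately and never stored.
    """
    addresses = set()
    for line in dump_text.splitlines():
        first_field = line.split(",", 1)[0].strip()
        if EMAIL_RE.match(first_field):
            addresses.add(first_field.lower())
    return addresses


def affected_by_domain(addresses, domains):
    """Group addresses under the domains (and their subdomains) you care about.

    Domains may be given with or without a leading '@'; matching is
    case-insensitive and includes subdomains such as sub.example-corp.com.
    """
    wanted = [d.lower().lstrip("@") for d in domains]
    hits = defaultdict(list)
    for addr in sorted(addresses):
        host = addr.rsplit("@", 1)[1]
        for d in wanted:
            if host == d or host.endswith("." + d):
                hits[d].append(addr)
    return dict(hits)


def notification_list(dump_text, domains):
    """One-shot helper: addresses to notify, grouped by domain."""
    return affected_by_domain(parse_dump_addresses(dump_text), domains)


if __name__ == "__main__":
    report = notification_list(SAMPLE_DUMP, ["example-corp.com"])
    for domain, addrs in report.items():
        print(f"{domain}: {len(addrs)} account(s) to notify")
        for a in addrs:
            print("   ", a)
```

Duplicate and differently-cased entries collapse to one notification per address, and the script's output is only a list of who to contact; the reset itself should be forced through your own identity system rather than by mailing anything derived from the dump.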

Didn't Google switch to one time passwords? At least partially?

I'd hope all of those companies use multi-factor authentication

If they haven't done so already, then they've lost any and all credibility as a company in my eyes.

You mean it hasn't happened already? Gawker scrapes the bottom of the Internet barrel.

This is what happened with monster.com and a lot of other big sites that got hacked. I bet most don't even make it public, much less email their members. They work so hard on brand reputation and image, then it all goes down the drain because some admin used a weak pass. It's not so easy for them to throw away their Christmas bonus and job security. They'll do the minimum.

This stuff happens every week, only the dumps aren't always released on BitTorrent.

Pretty serious considering a large number of users use the same password across several sites:

