The giant password leak on the U.S.S. Gawker has other big ships rushing to plug the holes.
Hackers published the emails and passwords of Gawker’s 1.5 million users. Hackers and spammers took the list and looked for users who might have used the same password for their email or on other sites: Twitter, Amazon, Seamless Web.
Twitter was the first to get hit. Spammers logged into users’ accounts and began tweeting furiously about acai berries. The spam was not malicious, but other sites started to worry that their users might be next.
New York-based Gilt Groupe, which runs a luxury, members-only daily deal site, crunched some data on behalf of its V.I.P.s. Gilt compared the list of Gawker user email addresses with its own users’ and notified the affected users that they should really change those passwords.
Other sites compensating for Gawker’s indiscretion, according to Fast Company:
- LinkedIn disabled the passwords of affected users, who are now required to reset using the password recovery system. “There is no indication that your LinkedIn account has been affected,” the email to users said, “but since it shares an email with the compromised Gawker accounts, we decided to ensure its safety by asking you to reset its password.”
- Facebook did the same thing, forcing users with leaked passwords to verify their identities before they can sign in. People who used Facebook Connect to log into Gawker were not affected. (Great PR for Facebook Connect!)
- Blizzard, the company behind World of Warcraft, also issued an advisory that prompted some users to change their passwords. “If you’ve received an email from Blizzard Entertainment requesting a password reset as a result of the Gawker Media compromise, please click on the link included in the email’s body to choose a new password.”
At least the Gawker Media compromise isn’t as bad as the Corrupted Blood plague incident.
ajeffries [at] observer.com | @adrjeffries