Tech execs, analysts put the blame on Gawker for data breach
December 14, 2010 - Spetnik Technology News

Industry experts and analysts have criticized Gawker for its weak security standards in response to a massive data breach.
After a hacker group named "Gnosis" stole more than 1.3 million usernames and passwords from Gawker Media's servers, the tech industry responded swiftly, condemning the site's security protocols.
Aaron Spetner, president of Spetnik Solutions, issued a statement in response to the breach, acknowledging the dangers of external threats, but calling for industry-wide security improvements.
"While the data breach came at the hands of a group of rogue hackers, Gawker Media is entirely at fault for the information that was subsequently released," Spetner said.
Because many computer users employ the same password for multiple online accounts, releasing passwords for accounts on Gawker and its other sites - Gizmodo, Lifehacker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot - could provide access to other sensitive information, such as classified documents or even online banking information.
"These people more than likely use the same pass everywhere," Gnosis wrote in documents obtained by PBS NewsHour. "Try to gain access to the @email STMP using the email/pass combination also google their email address to find other accounts on the inernet they may have and try their password with said accounts. If the people in this dump have admin/mod rights there maybe other sensitive information worth disclosing to the internet, scrape any and all information you can."[sic]
Gawker claims its passwords were encrypted at the time of the breach. However, Spetner claims Gawker may not have protected its users' information as securely as it claims.
"Although Gawker Media has since published a statement claiming the compromised passwords were encrypted, it appears that the company could have done more to protect its users' sensitive information," Spetner said. "Passwords should always be protected with one-way encryption. Even in the event of a data breach, these security measures make it impossible to decrypt stored passwords and publish them online, as was the case in the Gawker Media hack."
Other industry analysts have criticized Gawker Media in response to the data breach. A recent Forbes blog post claims Gawker could have done "everything" differently, and declared that "it seems clear they do not have a good information security person on staff or that they can call."
Meanwhile, Spetner considers the data breach an opportunity for the industry to learn a lesson in privacy and data protection.
"Moving forward, we believe the industry as a whole should be held to this standard because our users' personal privacy is a top priority," he said.