From: steve harley
On 2010-12-26 19:59 , John Sessoms wrote:
> I mentioned that when I got home from my trip I found several emails in
> my inbox indicating that my "Gawker account" was compromised. Funny
> thing about it was I didn't even know I had a "Gawker account".
Gawker runs numerous websites; examples are Gizmodo & Lifehacker --
those are the two where i had signed up at some point to leave a comment
or something; all the email addresses and passwords at all Gawker's
sites were stolen; if had such an account and you used the same password
somewhere else, someone may try too log in as you; they will try the
easy guesses (Facebook, Twitter, Google) and/or the sites where there is
something to gain (Paypal, banking sites)
I did not have an account. Someone else used my email address to create
an account. Gawker did not verify that person's right to use my email
address to create their account.
A simple verification email to me to confirm that I was indeed the
person creating the account would have stopped the whole mess. Gawker
did not do that.
Unfortunately, I could not get any information from Gawker other than my
email address and the account password associated with it were
compromised. They gave me no help to determine the severity of the breach.
As a result of Gawker's negligence, I had to take measures to protect my
own security.
I already had strong individual passwords on all of the accounts
associated with my email address. Now I have stronger individual
passwords for every account associated with my email address.
What I don't have is any explanation from Gawker why they would allow
someone to create an account using my email address and not verify the
registrant's right to use my email address.
As far as I'm concerned that's criminal negligence on Gawker's part.
--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
to UNSUBSCRIBE from the PDML, please visit the link directly above and follow
the directions.