Re: OT: Gawker debacle
From: steve harley On 2010-12-26 21:52 , John Sessoms wrote: > I did not have an account. Someone else used my email address to create > an account. ah, i suppose that's possible, but if you're sure that's the case, there was no threat to any other account you hold I did not find out that was the case until after I had already done what I had to do to protect my accounts without knowing which if any had been compromised. Gawker would not provide me the information I needed to determine the threat. The warning emails were from the 12th & 13th of December, already 10 days old when I got home from my trip. After I had changed passwords on all of my accounts, I installed software to download the torrent file posted by the hackers ... because I could not get any assistance from Gawker. That's how I finally learned Gawker allowed someone else to use my email address to open an account on their site. What I don't have is any explanation from Gawker why they would allow > someone to create an account using my email address and not verify the > registrant's right to use my email address. i don't recall all the sites Gawker has, but some of them have been around for several years, possibly predating the prevalence of account verification via email; afaik there is no law that states a website must verify email addresses used to create accounts; some sites still allow posting comments with an email address that is never verified There is however, IIRC, a section of the telecommunications act baring fraudulent misuse of another persons electronic communications, including using someone else's email address without that person's permission. And in this case, it's not merely the posting of comments, but allowing someone to open an account with the site using a falsified email address. -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
Doesn't sound like a lot of fun. Nor am I confident I can make the case. I do think I can make a case with a criminal complaint for them using my email address fraudulently which is what I intend. From: Walter Gilbert Maybe you should contact this guy: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2010/12/26/national/a113305S63.DTL -- Walt On 12/26/2010 8:59 PM, John Sessoms wrote: > I mentioned that when I got home from my trip I found several emails > in my inbox indicating that my "Gawker account" was compromised. Funny > thing about it was I didn't even know I had a "Gawker account". > > But I followed up using the tools recommended and sure enough my email > address came up as one of those compromised. > > I couldn't get any other information about this "Gawker account" to > help me figure out which if any of my passwords might be compromised, > so I've ended up changing every password for any online account > associated with my email address. > > Still couldn't get any help from Gawker, other than advice to change > the password on my "Gawker account" ... which I still didn't know > anything about. > > After a lot of digging and flailing around, including installing a > torrent viewer so I could download the file the hackers published > online with the information from Gawker's user database in order to > search it for my email address, I discovered that I indeed do not have > a "Gawker account". > > Someone else has a Gawker account using my email address that I knew > nothing about, and Gawker could not be bothered to verify the email. > > I'm really pissed. > > As far as I'm concerned, Gawker behaved negligently allowing someone > else to use my email address as identification; allowing a someone to > register an account with my email address and failing to verify the > email or obtain my permission to use my email address for that account. > > They have inconvenienced me and done me grievous harm by their > negligence. -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
On 2010-12-26 21:52 , John Sessoms wrote: I did not have an account. Someone else used my email address to create an account. ah, i suppose that's possible, but if you're sure that's the case, there was no threat to any other account you hold What I don't have is any explanation from Gawker why they would allow someone to create an account using my email address and not verify the registrant's right to use my email address. i don't recall all the sites Gawker has, but some of them have been around for several years, possibly predating the prevalence of account verification via email; afaik there is no law that states a website must verify email addresses used to create accounts; some sites still allow posting comments with an email address that is never verified -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
On 12/27/2010 6:56 AM, Bob Sullivan wrote: Northeastern University continues to send me emails urging me to check the status of my application to their MBA program. Except I never did such. Some fool doesn't even know his own email address and has mistakenly entered mine. I contacted the school once, but the messages are still coming and I'm done. They are spam now. I suppose you don't deserve an MBA if you can't figure out what your email address is. Regards, Bob S. In Israel they recently made it a serious offense to keep sending soliciting information to a person after the person specifically requested not to do so. It includes electronic means of communication. One of the local colleges for some reason decided that I ought to do a degree with them. Once I politely mentioned on the phone that I both have my degree (MSc in Computer Science, thank you so much) and that I am aware of the fact that they are soliciting against my explicitly expressed will, they stopped bugging me... Boris -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
Maybe you should contact this guy: http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2010/12/26/national/a113305S63.DTL -- Walt On 12/26/2010 8:59 PM, John Sessoms wrote: I mentioned that when I got home from my trip I found several emails in my inbox indicating that my "Gawker account" was compromised. Funny thing about it was I didn't even know I had a "Gawker account". But I followed up using the tools recommended and sure enough my email address came up as one of those compromised. I couldn't get any other information about this "Gawker account" to help me figure out which if any of my passwords might be compromised, so I've ended up changing every password for any online account associated with my email address. Still couldn't get any help from Gawker, other than advice to change the password on my "Gawker account" ... which I still didn't know anything about. After a lot of digging and flailing around, including installing a torrent viewer so I could download the file the hackers published online with the information from Gawker's user database in order to search it for my email address, I discovered that I indeed do not have a "Gawker account". Someone else has a Gawker account using my email address that I knew nothing about, and Gawker could not be bothered to verify the email. I'm really pissed. As far as I'm concerned, Gawker behaved negligently allowing someone else to use my email address as identification; allowing a someone to register an account with my email address and failing to verify the email or obtain my permission to use my email address for that account. They have inconvenienced me and done me grievous harm by their negligence. -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
Northeastern University continues to send me emails urging me to check the status of my application to their MBA program. Except I never did such. Some fool doesn't even know his own email address and has mistakenly entered mine. I contacted the school once, but the messages are still coming and I'm done. They are spam now. I suppose you don't deserve an MBA if you can't figure out what your email address is. Regards, Bob S. On Sun, Dec 26, 2010 at 8:59 PM, John Sessoms wrote: > I mentioned that when I got home from my trip I found several emails in my > inbox indicating that my "Gawker account" was compromised. Funny thing about > it was I didn't even know I had a "Gawker account". > > But I followed up using the tools recommended and sure enough my email > address came up as one of those compromised. > > I couldn't get any other information about this "Gawker account" to help me > figure out which if any of my passwords might be compromised, so I've ended > up changing every password for any online account associated with my email > address. > > Still couldn't get any help from Gawker, other than advice to change the > password on my "Gawker account" ... which I still didn't know anything > about. > > After a lot of digging and flailing around, including installing a torrent > viewer so I could download the file the hackers published online with the > information from Gawker's user database in order to search it for my email > address, I discovered that I indeed do not have a "Gawker account". > > Someone else has a Gawker account using my email address that I knew nothing > about, and Gawker could not be bothered to verify the email. > > I'm really pissed. > > As far as I'm concerned, Gawker behaved negligently allowing someone else to > use my email address as identification; allowing a someone to register an > account with my email address and failing to verify the email or obtain my > permission to use my email address for that account. > > They have inconvenienced me and done me grievous harm by their negligence. > > -- > PDML Pentax-Discuss Mail List > PDML@pdml.net > http://pdml.net/mailman/listinfo/pdml_pdml.net > to UNSUBSCRIBE from the PDML, please visit the link directly above and > follow the directions. > -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
From: steve harley On 2010-12-26 19:59 , John Sessoms wrote: > I mentioned that when I got home from my trip I found several emails in > my inbox indicating that my "Gawker account" was compromised. Funny > thing about it was I didn't even know I had a "Gawker account". Gawker runs numerous websites; examples are Gizmodo & Lifehacker -- those are the two where i had signed up at some point to leave a comment or something; all the email addresses and passwords at all Gawker's sites were stolen; if had such an account and you used the same password somewhere else, someone may try too log in as you; they will try the easy guesses (Facebook, Twitter, Google) and/or the sites where there is something to gain (Paypal, banking sites) I did not have an account. Someone else used my email address to create an account. Gawker did not verify that person's right to use my email address to create their account. A simple verification email to me to confirm that I was indeed the person creating the account would have stopped the whole mess. Gawker did not do that. Unfortunately, I could not get any information from Gawker other than my email address and the account password associated with it were compromised. They gave me no help to determine the severity of the breach. As a result of Gawker's negligence, I had to take measures to protect my own security. I already had strong individual passwords on all of the accounts associated with my email address. Now I have stronger individual passwords for every account associated with my email address. What I don't have is any explanation from Gawker why they would allow someone to create an account using my email address and not verify the registrant's right to use my email address. As far as I'm concerned that's criminal negligence on Gawker's part. -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
On 2010-12-26 19:59 , John Sessoms wrote: I mentioned that when I got home from my trip I found several emails in my inbox indicating that my "Gawker account" was compromised. Funny thing about it was I didn't even know I had a "Gawker account". Gawker runs numerous websites; examples are Gizmodo & Lifehacker -- those are the two where i had signed up at some point to leave a comment or something; all the email addresses and passwords at all Gawker's sites were stolen; if had such an account and you used the same password somewhere else, someone may try too log in as you; they will try the easy guesses (Facebook, Twitter, Google) and/or the sites where there is something to gain (Paypal, banking sites) instead of changing all your passwords to one something else, i'd use this opportunity to set up a different password at every site; the tool i use is 1Password, but there are many others to choose from; since i have used tools like this for years, i don't really care that my Gizmodo and Lifehacker passwords were stolen -- they can't use that info to get into any other site -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: OT: Gawker debacle
That's the internet for ya. CW On 12/26/2010 9:59 PM, John Sessoms wrote: I mentioned that when I got home from my trip I found several emails in my inbox indicating that my "Gawker account" was compromised. Funny thing about it was I didn't even know I had a "Gawker account". But I followed up using the tools recommended and sure enough my email address came up as one of those compromised. I couldn't get any other information about this "Gawker account" to help me figure out which if any of my passwords might be compromised, so I've ended up changing every password for any online account associated with my email address. Still couldn't get any help from Gawker, other than advice to change the password on my "Gawker account" ... which I still didn't know anything about. After a lot of digging and flailing around, including installing a torrent viewer so I could download the file the hackers published online with the information from Gawker's user database in order to search it for my email address, I discovered that I indeed do not have a "Gawker account". Someone else has a Gawker account using my email address that I knew nothing about, and Gawker could not be bothered to verify the email. I'm really pissed. As far as I'm concerned, Gawker behaved negligently allowing someone else to use my email address as identification; allowing a someone to register an account with my email address and failing to verify the email or obtain my permission to use my email address for that account. They have inconvenienced me and done me grievous harm by their negligence. -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.