Gawker Security: A Change for the Better

Gawker Media had to learn it the hard way. After last week’s security breach, which included compromised user passwords, Gawker Media’s CTO Thomas Plunkett sent a memo to staff members last Friday explaining the situation and outlining the first consequences. The memo includes quite a lot of apologetic talk, but it also admits that Gawker was not prepared at all for a security breach like this one:

It is clear that the Gawker tech team did not adequately secure our platform from an attack of this nature. We were also not prepared to respond when it was necessary. These things can be attributed to several factors. First, we never planned for such an event, and therefore had no systems, or processes in place to adequately respond.

Wow, that’s an admission of complete failure if you ask me. Poor Gawker tech team! A media company the size of Gawker should be better prepared.

For user comments, Plunkett announces third-party logins:

On all of our sites, we will be introducing several new features to our commenting system to acknowledge the reality that we have lost the commenters’ trust and don’t deserve it back. We should not be in the business of collecting and storing personal information, and our objective is to migrate our platform away from any personal data dependencies (like email & password). We will push further integration of external account verification sources using OAuth (like Facebook, Twitter, and Google) for those that want to use them, and we’ll also be introducing disposable accounts.

That’s good news, at least for users.
