Gawker hack the result of poor security preparation

More information has emerged from the high-profile hack of Gawker Media that took place two weeks ago. The revenge attack was committed by a group that identifies itself as Gnosis, and resulted in the theft of proprietary source code as well as the loss of 1.3 million user names and passwords.

A lengthy internal memo from Gawker Media CTO Thomas Plunkett to employees touched on what happened, admitting that relevant staffers lacked the pertinent expertise and also failed to perform thorough audits. Reproduced on Poynter, the memo fingered Gawker's poor security preparation as part of a list of things that have gone wrong, as well as a complete lack of contingency planning for such an eventuality.

"On several fronts--technically, as well as customer support and communication--we found ourselves unprepared to handle this eventuality," Plunkett wrote. On its lack of preparation, Plunkett noted: "First, we never planned for such an event, and therefore had no systems, or processes in place to adequately respond." The rest of the memo provided updates on what the company has done to date, and also outlined the company's plans moving forward.

For now, Gawker has put a new security policy in place, and enabled SSL for staff access to company resources. Security doesn't magically appear overnight, though, and Plunkett probably said it best when he summed up the situation with "The remedy to this situation will not be immediate, but it will be swift as possible."

For more on this story:
- check out this article at InformationWeek
- check out this article at Poynter
