For a brief period in August, every Gawker commenter was naked, their email address flapping in the wind.
A temporary error in the comments system gave admin privileges to anyone who updated their profile.
Scott Kidder of Gawker says, “We learned of the problem pretty quickly, and promptly patched the hole and removed admin access from those that shouldn’t have it.”
Though, not before Malatron sent himself 1640 comments invites…
For a while he resigned himself to merely issuing comment logins to anyone Gawker executed.
Paul broke his silence today and posted about the lapse on his blog.
Afterwards, Paul IM’d The Consumerist with the deets. We forwarded his post to Gawker managing editor, Lockhart Steele, and to tech. As the hole was plugged, neither seemed alarmed and decided to let the matter rest.
Paul and Andrew Krucoff were still bothered. Krucoff in particular was appalled Gawker never told its readers about the brief vulnerability. Both wanted Consumerist to post about it (customer service failure at the HQ of the customer service blog and all).
Applying our normal posting criteria, we didn’t. Frankly, it seemed like a storm in a thimble. Plus, we were about to take a nap.
As we slept, Gawker.com posted about it and readers had fun getting comment logins from Malatron and pretending to be Kruckoff in the comments.
Any readers disturbed by the potential privacy breach are advised to call Gawker customer service and ask for their money back.