Valleywag
While editing administrator code today, Tumblr founder David Karp and developer Marco Arment inadvertently published private user data for 40 minutes. Karp reports on his blog that 27 email addresses were exposed. He told us that four accounts — including popular Tumblr blogs by Julia Allison and Pete Nidzgorski — had their passwords changed. Karp told Valleywag he knows who changed the passwords. "He was a registered user, so we were actually able to look up his info," Karp said. The suspected hacker won't lose his Tumblr account. "I don't think we'll be taking this out on him," Karp said.
We have a lot of info on what happened and we were able to recover quickly. We're very comfortable with our infrastructure, and will put some more practices in place to deal with any future human errors. We also feel extremely fortunate that our users have been so forgiving.
Comments
Maybe he was sad because his boyfriend left him for Julia Allison: [twitter.com]
Oopsie!
QA is so web 1.0
I'm a Scenester!
You can't rely on the company blog to tell you the real story, Nick! It was at least 45 minutes, and probably longer, because it was 43 minutes from the time it hit Hacker News until it was found. And who on earth puts their admin panel at [www.gits.com] The lowliest script kiddie could tell them that's not the smartest move. Here are some screenshots: [tinyurl.com]
Had to be a VW reader who messed with JA's account, no? Who else would have cared?
@CyndyA: I thought it was Denton himself, as the Fake Nick Denton blog also went down. It took out all the Gawker alum blogs, I think, except Emily's.
Wait, how is she with code? hmmmm...
These guys are going to get hammered. They have no idea what they're up against.
Start a discussion:
Login with your username and password below. Or comment on this post via email.
Forgot your username or password? New User?