Umm, What The Hell Is Hulu Doing Looking Through The Gawker Passwords?
So, in case you hadn’t heard, Gawker Media sucks at security. Over the weekend, they pretty much screwed up everything, including leaking their commenters’, editors’, and admins’ usernames (which include emails) and passwords, insinuating their commenters are peasants, and generally putting me in a cranky mood.
Yet, today, I get the email pictured above. It’s a security notification from Hulu, letting me know that I need to reset my password after the breach. Ah, well, that’s all well and... wait, Hulu?!
Yes, Hulu just wanted to let me know that I use the same email on both sites, and since I might use the same password on both, I should probably change it. In fact, not only should I probably change it, I have to change it. My old password is now disabled. Proactively!
I’m no expert in managing multi-million dollar web-based content delivery systems. However, I’m sure that someone at the table where the decision was made to compare The List of emails and passwords leaked to their own internal user database stood up and said “Um, hey, you know, maybe we shouldn’t do this?” I’m equally certain this person was ignored. Then shot. Then ignored some more.
I’m not sure how many other companies are doing this. I’m not sure why they’re doing this. But, for my part, I’m not particularly fond of the idea of a company using leaked data from a security breach to “proactively” aid their customers. I can handle it quite alright on my own, thank you. My password was not the same on these two sites. And hey, if yours was? Maybe some script kiddie getting access to your account will be the push you need to engage in better security practices. Especially if you’re one of these geniuses.
But hey, I suppose this isn’t really that big of a deal, right? I mean, they’re using the data proactively! Pro! It’s not like they’re doing something like accidentally collecting random bits of data devoid of context, never looking at the data, and actively working with government agencies to clean up the victimless mess while never doing anything with the data at all. That’s just evil.