The recent Gawker Media hack exposed a large number of usernames and passwords, many of which were promptly re-used by spammers for an Acai spam run on Twitter. In addition to sharing the password database, the Gnosis hacker group that pulled off the exploit also thoughtfully posted the email addresses of Gawker commenters for the benefit of any spammers who might care to use them.

Spammers have apparently now added the compromised email addresses to their mailing lists. I've just seen a Nigerian spam sent to a previously undisclosed address that was used uniquely for registration on a Gawker property. More will undoubtedly follow.

The lesson to learn from all this is that third-party user databases should be considered inherently insecure. Don't use the same username/password combination on multiple sites, and use disposable email addresses to register. That way when the site does get hacked, you aren't giving hackers and spammers the keys to some other part of your digital life and you can just dump the compromised address and move on.