Topic: If you are a LinkedIn/Last.FM/eHarmony user, then change your password pronto.
IainB
« on: June 06, 2012, 05:02:07 PM »

EDIT 2012-06-08 2320hrs NZT
Included: Passwords Stolen From Last.FM, eHarmony And LinkedIn [Updates]

===============================
Original post:
In case you haven't read about it, there has apparently been a huge leak of LinkedIn passwords by a Russian hacker.
Examples:

Changing your LinkedIn password now is a precaution against the risk that someone may use your LinkedIn account or ID - if yours is amongst the 6.5M.

To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

I hear that there is a rumour that LinkedIn may be considering changing its name to "LeakedIn". ;)
« Last Edit: June 08, 2012, 06:23:00 AM by IainB »

rgdot
« Reply #1 on: June 06, 2012, 05:45:20 PM »

One of the few social (or whatever you call these) that I never signed up for. Finding careers through someone having access to my resume or 'professional activities' scares me. Finding a job or even networking is not the same as me posting a link or chatting on twitter/facebook/G+.

justice
« Reply #2 on: June 07, 2012, 08:42:28 AM »

Don't type your password into random websites (leakedin)

daddydave
« Reply #3 on: June 07, 2012, 08:48:53 AM »

Quote from: IainB
To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

IIRC, the first time was due to a gawker.com breach, and they were advising that as a precaution in case the same password was used on their site.

cyberdiva
« Reply #4 on: June 07, 2012, 11:19:17 AM »

Quote from: justice
Don't type your password into random websites (leakedin)

Hi, Justice. I'm not really sure what you mean. Do you mean "enter your password some other way rather than typing it in"? Or do you mean that LinkedIn (which I agreed to join and for which I have set a specific password) is a "random website"??

wraith808
« Reply #5 on: June 07, 2012, 02:13:07 PM »

Quote from: IainB
To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

Quote from: daddydave
IIRC, the first time was due to a gawker.com breach, and they were advising that as a precaution in case the same password was used on their site.

This recollection is true. And LinkedIn is the only social networking site that I've even seen as useful... so YMMV I guess...

justice
« Reply #6 on: June 07, 2012, 04:40:15 PM »

Quote from: justice
Don't type your password into random websites (leakedin)

Quote from: cyberdiva
Hi, Justice. I'm not really sure what you mean. Do you mean "enter your password some other way rather than typing it in"? Or do you mean that LinkedIn (which I agreed to join and for which I have set a specific password) is a "random website"??

The leakedin website lets you type in your password, and it will check to see if it has been leaked by linkedin. I say don't type your passwords into any other website than the one it belongs to.

IainB
« Reply #7 on: June 07, 2012, 05:39:06 PM »

Quote from: IainB
To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

Quote from: daddydave
IIRC, the first time was due to a gawker.com breach, and they were advising that as a precaution in case the same password was used on their site.

Yes, that's right. The last one was because of a precaution, as a result of a breach at Gawker.com (assets include LifeHacker.com), and not a breach at LinkedIn. This is from the LinkedIn email to members, dated 2010-12-15:
Quote
...We recently sent you a message stating that your LinkedIn password had been disabled for security reasons. (Note: If you have more than one email registered with us, you will receive more than one password reset message. You only need to act on one of them.)
This was in response to a security breach on a different site, Gawker.com, where a number of usernames and passwords were exposed. We want to make sure those leaked emails and passwords were not being used to attack any LinkedIn members.
There is no indication that your LinkedIn account has been affected, but since it shares an email with the compromised Gawker accounts, we decided to ensure its safety by asking you to reset its password.
If you haven't done that already, now is a good time to follow these steps:
    Go to the LinkedIn website.
    Click on "Sign In".
    Click on "Forgot Password?" and follow the directions on the website.

Please keep in mind that the best defense against these types of attacks is to have unique passwords for each site you use. You can always search our support site and our blog for more security tips.
We apologize for the inconvenience, but we feel this action is in your best interest. Thanks for your immediate attention to our request.

Sincerely,

LinkedIn Privacy Team

cyberdiva
« Reply #8 on: June 07, 2012, 05:50:32 PM »

Quote from: justice
The leakedin website lets you type in your password, and it will check to see if it has been leaked by linkedin. I say don't type your passwords into any other website than the one it belongs to.

When I read your earlier message, I thought your parenthetical "(leakedin)" was referring to LinkedIn, since your message came not long after IainB's humorous remark about LinkedIn changing its name to LeakedIn.   Now I see I was mistaken.  I totally agree with your advice about not typing a password into sites other than the one it belongs to.  Though LeakedIn is probably legitimate, there's always the possibility that it or a similar site may really be intent on gathering people's passwords, passwords typed in without even the protection that serious encryption offers.

IainB
« Reply #9 on: June 07, 2012, 06:05:05 PM »

Crikey, I didn't realise there was such a site as leakedin.com

Maybe I was being a bit unfair to LinkedIn...

daddydave
« Reply #10 on: June 07, 2012, 06:05:28 PM »

Quote from: justice
The leakedin website lets you type in your password, and it will check to see if it has been leaked by linkedin. I say don't type your passwords into any other website than the one it belongs to.

Quote from: cyberdiva
When I read your earlier message, I thought your parenthetical "(leakedin)" was referring to LinkedIn, since your message came not long after IainB's humorous remark about LinkedIn changing its name to LeakedIn. Now I see I was mistaken. I totally agree with your advice about not typing a password into sites other than the one it belongs to. Though LeakedIn is probably legitimate, there's always the possibility that it or a similar site may really be intent on gathering people's passwords, passwords typed in without even the protection that serious encryption offers.

I took it that way, too, but this reminded me of one of my longtime annoyances with LinkedIn. It asks for your email login at the top of the page. At least once, I have mistaken this for an indication that I was not logged into LinkedIn and logged in with my email password by mistake. I'm not sure, maybe it used to have the password field right on the page instead of the Continue button.


IainB
« Reply #11 on: June 07, 2012, 06:08:11 PM »

Quote from: daddydave
...At least once, I have mistaken this for an indication that I was not logged into LinkedIn...

Yes, I noticed that too. Ruddy annoying cheek. I am not giving them my email contacts list to sell/spam.

cyberdiva
« Reply #12 on: June 07, 2012, 08:17:44 PM »

Quote from: IainB
Yes, I noticed that too. Ruddy annoying cheek. I am not giving them my email contacts list to sell/spam.

Yes, both LinkedIn and Facebook ask me for my email login and password.  Fat chance!  What surprises me is how many people do provide this information willingly.

Renegade
« Reply #13 on: June 07, 2012, 10:06:03 PM »

Thanks for the heads up. Changed. :(

Why must people run around being destructive? Can't they find something better to do?

Deozaan
« Reply #14 on: June 08, 2012, 12:47:58 AM »

I had a LinkedIn account but I deleted it a couple months ago. I wonder if I need to be concerned about this... :-\

IainB
« Reply #15 on: June 08, 2012, 06:19:19 AM »

Just changed the subject of this post to include: Passwords Stolen From Last.FM, eHarmony And LinkedIn

rgdot
« Reply #16 on: June 08, 2012, 06:26:27 AM »

How many will admit having an eHarmony account? ;D

IainB
« Reply #17 on: June 08, 2012, 07:33:36 AM »

Quote from: rgdot
How many will admit having an eHarmony account? ;D

That's unnecessarily unkind. ;)

daddydave
« Reply #18 on: June 08, 2012, 07:35:38 AM »

Quote from: rgdot
How many will admit having an eHarmony account? ;D

Quote from: IainB
That's unnecessarily unkind. ;)

Maybe they can add having the same password to their matchmaking criteria.

Stoic Joker
« Reply #19 on: June 08, 2012, 11:35:43 AM »

Quote from: rgdot
How many will admit having an eHarmony account? ;D

Quote from: IainB
That's unnecessarily unkind. ;)

Quote from: daddydave
Maybe they can add having the same password to their matchmaking criteria.

I'm sure their profiles will be updated accordingly as soon as a 3rd party matching consultant (hacker) is "assigned" to their account(s).

daddydave
« Reply #20 on: June 08, 2012, 12:03:23 PM »

I'm just thinking, if someone's LinkedIn password was "linkedin" or "password" or "abc123", and someone figures it out through a brute force attack and posts it on a web site, did the breach take place in LinkedIn or the user himself? Is that what happened, or did I mischaracterize the event?

So if those users change their password, what good will it do? They are going to change it to the same kind of guessable password.

EDIT: I guess I did mischaracterize this a bit, but there are two parts to this. A bunch of password hashes were obtained, and for some of them they were able to figure out the passwords. So apparently they are guessing passwords until they come up with one that matches the hash to confirm it, so that of course would be easier for those who chose those easy-to-guess passwords. I think it was the same way with the gawker.com breach.

Done editing now...except maybe for grammar, lol.
« Last Edit: June 08, 2012, 12:12:06 PM by daddydave »

Deozaan
« Reply #21 on: June 08, 2012, 05:10:28 PM »

It also would have been better if the hashes were salted, because then I think you'd need to know the salt to recover the passwords.

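Added example (not part of the thread and not any poster's code): a weak-password audit over a constructed account table, showing the two points raised in replies #20 and #21, namely that guessable passwords are found by matching guesses against the stored hashes, and that a per-user salt changes how much work each guess costs. The account names, the use of SHA-1 for the unsalted case, and the PBKDF2 parameters are assumptions for illustration; the thread does not name the algorithm involved. A salt is normally stored next to the hash and is not secret.

```python
import hashlib
import hmac
import os

# Guessable passwords named in the thread, used here as an audit wordlist.
WORDLIST = ["linkedin", "password", "abc123"]

# Constructed sample accounts (not real data).
ACCOUNTS = {"alice": "password", "bob": "password",
            "carol": "abc123", "dave": "x9$Lq-7vRt!2mZ"}

def unsalted_table(accounts):
    """Store SHA-1(password) per user. SHA-1 is an assumption for illustration."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in accounts.items()}

def salted_table(accounts, iterations=100_000):
    """Store (salt, PBKDF2-HMAC-SHA256 digest, iterations) with a random salt per user."""
    table = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        table[user] = (salt, digest, iterations)
    return table

def audit_unsalted(table, wordlist):
    """Hash each guess once, then compare it against every account at once."""
    guesses = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    hits = {u: guesses[h] for u, h in table.items() if h in guesses}
    return hits, len(guesses)  # second value: hash computations performed

def audit_salted(table, wordlist):
    """Every guess has to be re-derived under each account's own salt."""
    hits, work = {}, 0
    for user, (salt, digest, iters) in table.items():
        for w in wordlist:
            work += 1
            candidate = hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iters)
            if hmac.compare_digest(candidate, digest):
                hits[user] = w
                break
    return hits, work

if __name__ == "__main__":
    print(audit_unsalted(unsalted_table(ACCOUNTS), WORDLIST))
    print(audit_salted(salted_table(ACCOUNTS), WORDLIST))
```

Both audits flag the same three accounts, so salting does not rescue a guessable password; what changes is that identical passwords no longer share a stored value and each guess is paid for once per account, at the cost of a deliberately slow derivation.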