topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 9:44 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: If you are a LinkedIn/Last.FM/eHarmony user, then change your password pronto.  (Read 13283 times)

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
EDIT 2012-06-08 2320hrs NZT
Included: Passwords Stolen From Last.FM, eHarmony And LinkedIn [Updates]

===============================
Original post:
In case you haven't read about it, there has apparently been a huge leak of LinkedIn passwords by a Russian hacker.
Examples:

Changing your LinkedIn password now is a precaution against the risk that someone may use your LinkedIn account or ID - if yours is amongst the 6.5M.

To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

I hear that there is a rumour that LinkedIn may be considering changing its name to "LeakedIn".    ;)
« Last Edit: June 08, 2012, 06:23 AM by IainB »

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #1 on: June 06, 2012, 05:45 PM »
One of the few social (or whatever you call these) that I never signed up for. Finding careers through someone having access to my resume or 'professional activities' scares me. Finding a job or even networking is not the same as me posting a link or chatting on twitter/facebook/G+.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #2 on: June 07, 2012, 08:42 AM »
Don't type your password into random websites (leakedin)

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #3 on: June 07, 2012, 08:48 AM »
To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

IIRC, the first time was due to a gawker.com breach, and they were advising that as a precaution in case the same password was used on their site.

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #4 on: June 07, 2012, 11:19 AM »
Don't type your password into random websites (leakedin)
Hi, Justice.  I'm not really sure what you mean.  Do you mean "enter your password some other way rather than typing it in"?  Or do you mean that LinkedIn (which I agreed to join and for which I have set a specific password) is a "random website"??  :tellme:   

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #5 on: June 07, 2012, 02:13 PM »
To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.

IIRC, the first time was due to a gawker.com breach, and they were advising that as a precaution in case the same password was used on their site.

This recollection is true.  And Linked In is the only social networking site that I've even seen as useful... so YMMV I guess...

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #6 on: June 07, 2012, 04:40 PM »
Don't type your password into random websites (leakedin)
Hi, Justice.  I'm not really sure what you mean.  Do you mean "enter your password some other way rather than typing it in"?  Or do you mean that LinkedIn (which I agreed to join and for which I have set a specific password) is a "random website"??  :tellme:   
The leakedin website lets you type in your password, and it will check to see if it has been leaked by linkedin. I say don't type your passwords into any other website than the one it belongs to.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #7 on: June 07, 2012, 05:39 PM »
To my knowledge, this is the second time something like this has happened at LinkedIn. The last time was on 2010-12-14, when LinkedIn emailed members telling them to change their passwords.
IIRC, the first time was due to a gawker.com breach, and they were advising that as a precaution in case the same password was used on their site.
Yes, that's right. The last one was because of a precaution, as a result of a breach at Gawker.com (assets include LifeHacker.com), and not a breach at LinkedIn. This is from the LinkedIn email to members, dated 2010-12-15:
...We recently sent you a message stating that your LinkedIn password had been disabled for security reasons. (Note: If you have more than one email registered with us, you will receive more than one password reset message. You only need to act on one of them.)
This was in response to a security breach on a different site, Gawker.com, where a number of usernames and passwords were exposed. We want to make sure those leaked emails and passwords were not being used to attack any LinkedIn members.
There is no indication that your LinkedIn account has been affected, but since it shares an email with the compromised Gawker accounts, we decided to ensure its safety by asking you to reset its password.
If you haven't done that already, now is a good time to follow these steps:
    Go to the LinkedIn website.
    Click on "Sign In".
    Click on "Forgot Password?" and follow the directions on the website.

Please keep in mind that the best defense against these types of attacks is to have unique passwords for each site you use. You can always search our support site and our blog for more security tips.
We apologize for the inconvenience, but we feel this action is in your best interest. Thanks for your immediate attention to our request.

Sincerely,

LinkedIn Privacy Team

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #8 on: June 07, 2012, 05:50 PM »
The leakedin website lets you type in your password, and it will check to see if it has been leaked by linkedin. I say don't type your passwords into any other website than the one it belongs to.
When I read your earlier message, I thought your parenthetical "(leakedin)" was referring to LinkedIn, since your message came not long after IainB's humorous remark about LinkedIn changing its name to LeakedIn.   Now I see I was mistaken.  I totally agree with your advice about not typing a password into sites other than the one it belongs to.  Though LeakedIn is probably legitimate, there's always the possibility that it or a similar site may really be intent on gathering people's passwords, passwords typed in without even the protection that serious encryption offers.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #9 on: June 07, 2012, 06:05 PM »
Crikey, I didn't realise there was such a site as leakedin.com

Maybe I was being a bit unfair to LinkedIn...

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #10 on: June 07, 2012, 06:05 PM »
The leakedin website lets you type in your password, and it will check to see if it has been leaked by linkedin. I say don't type your passwords into any other website than the one it belongs to.
When I read your earlier message, I thought your parenthetical "(leakedin)" was referring to LinkedIn, since your message came not long after IainB's humorous remark about LinkedIn changing its name to LeakedIn.   Now I see I was mistaken.  I totally agree with your advice about not typing a password into sites other than the one it belongs to.  Though LeakedIn is probably legitimate, there's always the possibility that it or a similar site may really be intent on gathering people's passwords, passwords typed in without even the protection that serious encryption offers.

I took it that way, too. but this reminded me of one of my longtime annoyances with LinkedIn. It asks for your email login at the top of the page. At least once, I have mistaken this for an indication that I was not logged into LinkedIn and logged in with my email password by mistake. I'm not sure, maybe it used to have the password field right on the page instead of the Continue button.
Capture.PNG

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #11 on: June 07, 2012, 06:08 PM »
...At least once, I have mistaken this for an indication that I was not logged into LinkedIn...
Yes, I noticed that too. Ruddy annoying cheek. I am not giving them my email contacts list to sell/spam.

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #12 on: June 07, 2012, 08:17 PM »
Yes, I noticed that too. Ruddy annoying cheek. I am not giving them my email contacts list to sell/spam.
Yes, both LinkedIn and Facebook ask me for my email login and password.  Fat chance!  What surprises me is how many people do provide this information willingly.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #13 on: June 07, 2012, 10:06 PM »
Thanks for the heads up. Changed. :(

Why must people run around being destructive? Can't they find something better to do?
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #14 on: June 08, 2012, 12:47 AM »
I had a LinkedIn account but I deleted it a couple months ago. I wonder if I need to be concerned about this... :-\

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: If you are a LinkedIn user, then change your password pronto.
« Reply #15 on: June 08, 2012, 06:19 AM »
Just changed the subject of this post to include: Passwords Stolen From Last.FM, eHarmony And LinkedIn

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
How many will admit having an eHarmony account?  ;D

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
How many will admit having an eHarmony account?  ;D
That's unnecessarily unkind.    ;)

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
    • View Profile
    • Donate to Member
How many will admit having an eHarmony account?  ;D
That's unnecessarily unkind.    ;)

Maybe they can add having the same password to their matchmaking criteria.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
How many will admit having an eHarmony account?  ;D
That's unnecessarily unkind.    ;)

Maybe they can add having the same password to their matchmaking criteria.

I'm sure their profiles will be updated accordingly as soon as a 3rd party matching consultant (hacker) is "assigned" to their account(s).

daddydave

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 867
  • test
    • View Profile
    • Donate to Member
I'm just thinking, if someone's LinkedIn password was "linkedin" or "password" or "abc123", and someone figures it out through a brute force attack and posts it on a web site, did the breach take place in LinkedIn or the user himself? Is that what happened, or did I mischaracterize the event?

So if those users change their password, what good will it do? They are going to change it to the same kind of guessable password.

EDIT: I guess I did mischaracterize this a bit, but there are two parts to this. A bunch of password hashes were obtained, and for some of them they were able to figure out the passwords. So apparently they are guessing passwords until they come up with one that matches the hash to confirm it, so that of course would be easier for those who chose those easy-to-guess passwords. I thnk it was the same way with the gawker.com breach.

Done editing now...except maybe for grammar, lol.
« Last Edit: June 08, 2012, 12:12 PM by daddydave »

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
It also would have been better if the hashes were salted, because then I think you'd need to know the salt to recover the passwords.