Friday, June 8, 2012

6.5 million LinkedIn Passwords leaked; eHarmony, Last.FM passwords also leaked.

There has been lots of urgent security news these last few days.  I'll be posting them as several different entries to allow me to include some detail, but email notifications to my clients will go as one consolidated email.

First, for LinkedIn users, bad news: a hashed database containing 6.5 million of your passwords leaked.  Mine was among them, but it had not been "cracked" before I got it changed (it was 12 characters, MiXed CasE, with some punctuation and digits, so it would have been difficult if not impossible to match easily).  Several articles below have details.  To check if your password is among those leaked, CHANGE IT FIRST, then go to "LeakedIn: Is your password safe?" Depending on your password, you will see one of the following boxes:

More info here:
Change your LinkedIn password now | Ed Bott
Published June 6, 2012

If you have a LinkedIn account, it’s time to change your password.

As my colleague Zack Whittaker at ZDNet reports, roughly 6.5 million user passwords have apparently been downloaded and made publicly available.

It now looks like LinkedIn may have handled this both quickly enough AND in the right way -- they're claiming nobody's account was hacked.  However, if you use the same login (email address) and password on LinkedIn that you use on any other website, you should immediately change your passwords there as well.  I don't have that problem -- I use a password manager called LastPass to handle all my web passwords -- I have no idea what most of them are; LastPass handles that for me.

LinkedIn Blog » Taking Steps To Protect Our Members
Since we became aware of this issue, we have been taking active steps to protect our members. Our first priority was to lock down and protect the accounts associated with the decoded passwords that we believed were at the greatest risk. We’ve invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords.

Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected. Those members are also being contacted by LinkedIn with instructions on how to reset their passwords.

If you want to read more about this, see the many recent entries on the LinkedIn Blog.  Other news stories can be found at "LinkedIn confirms passwords were 'compromised' | Security & Privacy - CNET News" and "6.46 million LinkedIn passwords leaked online | ZDNet".

There are also MANY reports that dating site eHarmony and music site Last.FM suffered similar breaches. Using the same password in different places just puts you at risk for this kind of problem, so if you don't already use a password manager like LastPass, please PLEASE PLEASE start doing so to make your on-line life easier and safer.
