View Single Post
  #1  
Old 06.06.2012, 22:14
Castro's Avatar
Castro Castro is offline
la mod
 
Join Date: Nov 2007
Location: ZG
Posts: 5,516
Groaned at 117 Times in 95 Posts
Thanked 16,418 Times in 5,228 Posts
Castro has a reputation beyond reputeCastro has a reputation beyond reputeCastro has a reputation beyond reputeCastro has a reputation beyond reputeCastro has a reputation beyond reputeCastro has a reputation beyond repute
Major security breach at LinkedIn

If you have a LinkedIn acct, it might be wise to change the password, especially if you use the same one for multiple sites (like my mate )

LinkedIn investigates hacking claims

Business social network examines claims by security analysts that more than 6 million users' details have been posted online

Josh Halliday
guardian.co.uk, Wednesday 6 June 2012 15.13 BST

LinkedIN is examining claims that more than 6 million users' encrypted passwords have been placed online. Photograph: David Loh/Reuters
LinkedIn has launched an investigation into reports that its password database has been compromised with more than 6 million users' details posted online.

The business social network is examining claims by security analysts that millions of encrypted passwords have been published on a Russian hackers' website.

Graham Cluley, the cyberthreats expert, said the passwords were now likely to be in the hands of criminals. He advised the website's 160m worldwide users to immediately change their login details.

The security scare will cause fresh embarassment for LinkedIn, which is also facing privacy concerns about its mobile calendar application.

LinkedIn had not returned requests for comment at the time of publication, but said in a message on Twitter: "Our team is currently looking into reports of stolen passwords. Stay tuned for more."

Per Thorsheim, the security researcher who first raised the alarm about the apparent leak, said on Wednesday that the 6.5m encrypted passwords "will probably be a lot more users" because some will have the same login details.

Cluley, an analyst at Naked Security, said in a blogpost that users' emails addresses had not been published on the Russian hackers' website.

But he added: "It is reasonable to assume that such information may be in the hands of the criminals. As such, it would seem sensible to suggest to LinkedIn users that they change their passwords as soon as possible as a precautionary step. Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack."

Those accused of being behind the breach have asked other hackers to help decrypt the protected passwords. If linked to a premium users' account, the hackers could gain access to credit card details used to pay for subscriber access to the site.

The file posted online reportedly contains 6,458,020 so-called "SHA1 unsalted password hashes", which would be straightforward for a skilled hacker to link to a user's details.

Earlier on Wednesday 6 June, LinkedIn was forced to fend off privacy concerns about its mobile calendar app. The company said its iPhone and iPad app can access detailed information about its users' daily activity, including location, meeting notes, and the email addresses of people a user meets with.

source
Reply With Quote
The following 5 users would like to thank Castro for this useful post: