English Forum Switzerland

English Forum Switzerland (https://www.englishforum.ch/forum.php)
-   TV/internet/telephone (https://www.englishforum.ch/tv-internet-telephone/)
-   -   Major security breach at LinkedIn (https://www.englishforum.ch/tv-internet-telephone/148166-major-security-breach-linkedin.html)

Castro 06.06.2012 22:14

Major security breach at LinkedIn
 
If you have a LinkedIn acct, it might be wise to change the password, especially if you use the same one for multiple sites (like my mate :()

LinkedIn investigates hacking claims

Business social network examines claims by security analysts that more than 6 million users' details have been posted online

Josh Halliday
guardian.co.uk, Wednesday 6 June 2012 15.13 BST

LinkedIN is examining claims that more than 6 million users' encrypted passwords have been placed online. Photograph: David Loh/Reuters
LinkedIn has launched an investigation into reports that its password database has been compromised with more than 6 million users' details posted online.

The business social network is examining claims by security analysts that millions of encrypted passwords have been published on a Russian hackers' website.

Graham Cluley, the cyberthreats expert, said the passwords were now likely to be in the hands of criminals. He advised the website's 160m worldwide users to immediately change their login details.

The security scare will cause fresh embarassment for LinkedIn, which is also facing privacy concerns about its mobile calendar application.

LinkedIn had not returned requests for comment at the time of publication, but said in a message on Twitter: "Our team is currently looking into reports of stolen passwords. Stay tuned for more."

Per Thorsheim, the security researcher who first raised the alarm about the apparent leak, said on Wednesday that the 6.5m encrypted passwords "will probably be a lot more users" because some will have the same login details.

Cluley, an analyst at Naked Security, said in a blogpost that users' emails addresses had not been published on the Russian hackers' website.

But he added: "It is reasonable to assume that such information may be in the hands of the criminals. As such, it would seem sensible to suggest to LinkedIn users that they change their passwords as soon as possible as a precautionary step. Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack."

Those accused of being behind the breach have asked other hackers to help decrypt the protected passwords. If linked to a premium users' account, the hackers could gain access to credit card details used to pay for subscriber access to the site.

The file posted online reportedly contains 6,458,020 so-called "SHA1 unsalted password hashes", which would be straightforward for a skilled hacker to link to a user's details.

Earlier on Wednesday 6 June, LinkedIn was forced to fend off privacy concerns about its mobile calendar app. The company said its iPhone and iPad app can access detailed information about its users' daily activity, including location, meeting notes, and the email addresses of people a user meets with.

source

grynch 07.06.2012 08:20

!!! LinkedIn/eHarmony password breach !!!
 
( thread in Internet access?.. ya, I think so )


We just received this message from our head of IT as a heads up for users of "LinkedIn"..
It seems this also pertains to you sad, sad people that have signed up for "eHarmony" as well. :eek:
1) LinkedIn has suffered a significant security breach resulting in around 6.5 million passwords being posted on the Internet (just the passwords, no userID information it seems at this point). You should change your passwords immediately. For more information take a look at this article http://arstechnica.com/security/2012...d-to-linkedin/

2) In light of this, there is a massive increase in LinkedIn related scam messages arriving in our mailboxes, asking to "confirm your email address". Delete these immediately. One clue to this scam is the way the link for the linkedin addresses are formed - they appear to be legit, however the second i in the ".linkedln." part is actually a lowercase l (L) not a capital i as it seems!! These guys are very sneaky, so beware!

From the article above, it appears that eHarmony have also suffered a similar breach with 1.5 million passwords being posted, so if you are a user of this service you should also change your password immediately.

Regards,

( n.b. -- I suppose we should brace for another round of phone calls from certain off-shore people now. )

Village Idiot 07.06.2012 08:35

Re: !!! LinkedIn/eHarmony password breach !!!
 
Quote:

Originally Posted by grynch (Post 1576982)
From the article above, it appears that eHarmony have also suffered a similar breach with 1.5 million passwords being posted, so if you are a user of this service you should also change your password immediately.

This is a new, modern twist on "some other guy running off with my date."

It's not because he's richer, more handsome, or stronger than me... It's because he stole my eHarmony password!

Sbrinz 07.06.2012 10:59

Re: Major security breach at LinkedIn
 
Thanks Castro, I have told my friends, they were grateful too!

NotAllThere 07.06.2012 11:30

Re: Major security breach at LinkedIn
 
If you wish to check if your password is possibly one of those hacked, you can go to www.leakedin.org

You enter your password. It is converted - on your machine - to the hashed value, and then this is compared against the file containing the hacked passwords. (This is so that your password is at no time known to the www.leakedin.org website). I.e. it's safe. If you trust me. :D

If you get a positive, it doesn't mean you've been hacked - someone else may have been using the same password.

if you get a negative, it doesn't mean you haven't been hacked. The file may not be complete.

Phil_MCR 07.06.2012 11:34

Re: !!! LinkedIn/eHarmony password breach !!!
 
ouch passwords stored as unsalted sha1 hash. amazing such a major site still has such bad password policies. looks like over half the passwords have now already been cracked. change yours while you still can.

grynch 07.06.2012 11:42

Re: Major security breach at LinkedIn
 
Quote:

Originally Posted by NotAllThere (Post 1577183)
If you get a positive, it doesn't mean you've been hacked - someone else may have been using the same password.

if you get a negative, it doesn't mean you haven't been hacked. The file may not be complete.

so what you're saying is this site is pretty useless?

mirfield 07.06.2012 11:55

Re: Major security breach at LinkedIn
 
1 Attachment(s)
Just logged in to LinkedIn to change my password and noticed the following;

Attachment 44130


So I needn't bother changing then :rolleyes:

lucas_pt 07.06.2012 16:01

Re: Major security breach at LinkedIn
 
Thanks!
People should change their password often!

Tom1234 07.06.2012 16:24

Re: !!! LinkedIn/eHarmony password breach !!!
 
Quote:

Originally Posted by Phil_MCR (Post 1577187)
ouch passwords stored as unsalted sha1 hash. amazing such a major site still has such bad password policies. looks like over half the passwords have now already been cracked. change yours while you still can.

What's to stop the new one being hacked too?

Phil_MCR 07.06.2012 16:55

Re: !!! LinkedIn/eHarmony password breach !!!
 
Quote:

Originally Posted by Tom1234 (Post 1577510)
What's to stop the new one being hacked too?

make it a super long password with a large character set.

Tom1234 07.06.2012 17:06

Re: !!! LinkedIn/eHarmony password breach !!!
 
Quote:

Originally Posted by Phil_MCR (Post 1577538)
make it a super long password with a large character set.

It was anyway :)

Phil_MCR 07.06.2012 17:07

Re: !!! LinkedIn/eHarmony password breach !!!
 
Quote:

Originally Posted by Tom1234 (Post 1577560)
It was anyway :)

then you have no worries then. ;)

adrianlondon 07.06.2012 17:17

Re: Major security breach at LinkedIn
 
Quote:

Originally Posted by NotAllThere (Post 1577183)
If you wish to check if your password is possibly one of those hacked, you can go to www.leakedin.org

So, just type in my password to some random web site? Yeah, I'll get right on it.


All times are GMT +2. The time now is 07:25.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0