6.5 million LinkedIn passwords leaked online
Source: The Independent
KEVIN RAWLINSON WEDNESDAY 06 JUNE 2012
Nearly 6.5 million passwords belonging to users of the professional social networking site LinkedIn have been leaked online, according to reports.
Users are being urged to change their login details over fears that, if confirmed, the leak would compromise vast amounts of personal data, including contact information. The information was reportedly posted as encrypted on a Russian hackers' website and 300,000 are said to have been decrypted, with work ongoing, according to the respected technology blog The Next Web.
LinkedIn, which faced criticism recently after it was revealed that its mobile app was sending certain information from users' phones back to the company without their knowledge, posted a message on Twitter saying it was looking into the reports, which are as yet unconfirmed.
A file containing 6,458,020 encoded passwords was posted online, and hackers across the world are said to be collaborating to decipher them.
...
Read more: http://www.independent.co.uk/news/uk/crime/65-million-linkedin-passwords-leaked-online-7820696.html
Change your passwords. CNET is also reporting this with a little more technical detail http://news.cnet.com/8301-1009_3-57448079-83/millions-of-linkedin-passwords-reportedly-leaked-online/
GreenPartyVoter
(72,377 posts)
Esse Quam Videri
(685 posts)
Thanks for posting the notice.
Honeycombe8
(37,648 posts)
It's a PW to a site where you don't buy anything (most don't), don't have credit card or other information like that on there.
The most they could get from me is my email address (which isn't even my main email address).
boppers
(16,588 posts)
Ron Obvious
(6,261 posts)
After all, these are encrypted passwords. Presumably a lot of them will be vulnerable from dictionary and baby name list attacks, but if you use strong passwords with mixed case, alphanumeric and punctuation mixed symbols you'd be better off. It's not that those are impossible to crack, they're just not the low-hanging fruit that many of the other passwords represent.
boppers
(16,588 posts)
Much more efficient than dictionary attacks, and include silliness like "P455w.rd", and other super-common mixed case, mixed character, "hard" passwords...
http://en.wikipedia.org/wiki/Rainbow_table
Ron Obvious
(6,261 posts)
My knowledge on this topic is pretty out of date, so thanks for the link to the article. It seems that these are precomputed hashing sequences to help speed up the computation of the hash value. I've heard conflicting reports on whether LinkedIn salted their hashes (which would make those precomputed table sequences useless, I assume).
I also didn't actually know that you could have significant value in having precomputed hashing sequences since changing as little as one bit seems to yield radically different hashes to me.
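Added example, not part of the original thread: a small Python sketch of the two points raised above, namely that a one-bit input change scrambles a SHA-1 digest, and that a table of precomputed hashes still works against unsalted hashes but not against per-user salted ones. It uses a plain lookup table rather than a true rainbow table (which stores hash chains to save space); the candidate list, passwords and function names are constructed for illustration.

```python
import hashlib
import os

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bits that differ between SHA-1(a) and SHA-1(b)."""
    ha = int.from_bytes(hashlib.sha1(a).digest(), "big")
    hb = int.from_bytes(hashlib.sha1(b).digest(), "big")
    return bin(ha ^ hb).count("1")

def build_table(candidates):
    """Precompute hash -> password once. The same input always hashes to the
    same digest, so the table is reusable against any unsalted dump."""
    return {sha1_hex(c.encode()): c for c in candidates}

def store_unsalted(password):
    return {"hash": sha1_hex(password.encode())}

def store_salted(password):
    # A random per-user salt is stored next to the hash; a precomputed table
    # would have to be rebuilt for every individual salt value.
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": sha1_hex(salt + password.encode())}

def recovered(table, records):
    """Passwords whose stored hash appears in the precomputed table."""
    return [table[r["hash"]] for r in records if r["hash"] in table]

# Constructed sample data (not taken from any real leak).
CANDIDATES = ["password", "P455w.rd", "linkedin", "letmein"]
USERS = ["P455w.rd", "linkedin", "kJ7#vq!2xLr9"]

def demo():
    table = build_table(CANDIDATES)
    return {
        # "d" (0x64) and "e" (0x65) differ in a single bit.
        "flipped_bits": bit_difference(b"password", b"passwore"),
        "unsalted_hits": recovered(table, [store_unsalted(p) for p in USERS]),
        "salted_hits": recovered(table, [store_salted(p) for p in USERS]),
    }

if __name__ == "__main__":
    print(demo())
```

The one-bit change flips roughly half of the 160 output bits, which is why a table cannot be "nearly right": it only helps when the exact input was hashed in advance, and a salt ensures it was not.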
Woody Woodpecker
(562 posts)
Saw it once, didn't like it, didn't look back.
Stupid recruiters are still trying to get me to use LinkedIn. No thanks.
Either you see my resume, or you move on.
DaveJ
(5,023 posts)
I work in technology, so maybe it's different for me. But I was just joking yesterday about how funny it would be if I got another job at a web development company and said all I know is some old technology, and said to them on my first day "that's all I know, and that's all I do." It would be kind of ridiculous to avoid new technology and new ways of doing things. In my field at least.
eggplant
(3,911 posts)
Password changed.
KaryninMiami
(3,073 posts)
daaron
(763 posts)
A couple years ago.
slackmaster
(60,567 posts)
Auggie
(31,164 posts)
Thanks Catherina
louis-t
(23,292 posts)
Site is bombarded with people trying to do same. Can't even get on.
MADem
(135,425 posts)
I keep getting odd invitations, purportedly from my friends, to "join" the stupid thing--I figure the LinkedIn creeps have data-mined the mailboxes of my friends. I am not curious enough to join to find out, but I am wondering what is the advantage of the site? What purpose does it serve?
Catherina
(35,568 posts)
I'm so glad I never accepted any of those invitations either.
slackmaster
(60,567 posts)
I found it to be a wonderful source of job leads last time I was looking.
I've also used it to re-connect with a bunch of former co-workers and classmates.
drm604
(16,230 posts)
Catherina
(35,568 posts)
and I see its good points but it seemed so invasive.
If I were looking for a job, I'd probably change my tune in a hurry.
MADem
(135,425 posts)
People can read yours, and you can read theirs..! TMI for me!
All this "sharing!"
I'm glad I'm retired!
Honeycombe8
(37,648 posts)
If anyone in your business is looking for you, your business information will be there. People can email you through that site, but they don't have your email address, so that stays private. You "connect" with others, and then pics of others who are connected to your connection pop up as possible new connections for you. The purpose of connections is to network, as well as to stay in touch with co-workers and colleagues, when you're maybe not close enough to be friends.
If you are looking for a new job, a lot of employers check LinkedIn to see if you have a presence there. You can post your resume there, or in your profile just give the basics of your training, education, and work history, as well as a photo.
I recently changed jobs, and several people were able to locate me at my new employer because of my updated LinkedIn profile.
There is a slight social aspect to it, in that you can join groups that are based on common interests. Most of them are occupational or professional groups (like I joined several techie groups). Those are good places to post a question; people there are likely to know the answer. Also, there are social groups, like the Organic Gardening group, etc.
It's not like Facebook at all. It's mainly a business site for people to maintain a professional presence.
BTW, my new employer checked me out on LinkedIn before hiring me. He also checked to make sure I did not have a Facebook account, or at least anything inappropriate on a Facebook account. But I don't have a Facebook account.
drm604
(16,230 posts)
dhill926
(16,337 posts)
changed.....
BadGimp
(4,015 posts)
Already getting spam as a result
Yikes
LinkedIN is the single most valuable site for me as it relates to my career...
slackmaster
(60,567 posts)
BTW, even if some scumbags got your SHA1 hashed password it's unlikely they were able to unscramble it. It's not impossible, and the likelihood is inversely proportional to the complexity of the password.
SemperEadem
(8,053 posts)
like this because of these very reasons.
Eugene
(61,872 posts)
Source: Los Angeles Times
http://www.latimes.com/business/technology/la-fi-tn-eharmony-hacked-linkedin-20120606,0,4578300.story
By Salvador Rodriguez
June 6, 2012, 4:56 p.m.
EHarmony, the popular online dating site, was the target of a password hacking attack that resulted in 1.5 million stolen passwords, most of which have been cracked.
The attack is believed to be by the same hacker who stole 6.5 million passwords from LinkedIn, the career-oriented social network.
The hacker posted two lists containing the 8 million passwords on the website insidepro.com, on which the user goes by the name of "dwdm."
The larger list contained some passwords LinkedIn has now confirmed as belonging to its social network, and a significant number of the passwords on the smaller list contained the words "eHarmony" or "harmony," according to Ars Technica.
-snip-
Read more: http://www.latimes.com/business/technology/la-fi-tn-eharmony-hacked-linkedin-20120606,0,4578300.story
octothorpe
(962 posts)
Now watch some big targets change their linkedin password, but not bother changing passwords to other things using the same passwords...
octothorpe
(962 posts)
so even if they do get a hit, they don't know who to use it on. Of course someone may have the emails, but is keeping them to themselves.
Also, I would avoid any site that offers to check to see if your hash is in the leaked list. You might simply be helping them figure out your plain-text password quicker than usual, and you may also leave a way for them to link that password to you.