homepage Welcome to WebmasterWorld Guest from 54.167.10.244
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Report: LinkedIn User Passwords Hacked
engine




msg:4462041
 1:45 pm on Jun 6, 2012 (gmt 0)

According to researchers, LinkedIn user passwords have been hacked.

Top advice might be to change your password just in case it turns out true.

Report: LinkedIn User Passwords Hacked [thenextweb.com]
...LinkedIn user accounts are now said to have been compromised, with 6.5 million hashed and encrypted passwords reportedly leaked.



Our team is currently looking into reports of stolen passwords. Stay tuned for more.

http://twitter.com/LinkedInNews/status/210356986401927168

 

BeeDeeDubbleU




msg:4462060
 2:25 pm on Jun 6, 2012 (gmt 0)

I changed mine anyway.

engine




msg:4462093
 4:04 pm on Jun 6, 2012 (gmt 0)

Wise move BDW, and either way, it won't do any harm.

It appears that the passwords are encrypted, so even if the hackers have them, they've yet to get to them.

Andy Langton




msg:4462223
 10:22 pm on Jun 6, 2012 (gmt 0)

The password are very weakly encrypted (no salt) and can be easily obtained if they are short or not sufficiently complex (a matter of seconds to decrypt a 5 character password, for instance). There are actually pointers in the file that around 1/2 may already have been decrypted.

I checked the file myself, and it did indeed contain my password, which was unique to LinkedIn. Many others have reported that their unique/randomly generated passwords are also in the file.

Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.

incrediBILL




msg:4462416
 11:46 am on Jun 7, 2012 (gmt 0)

Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.


People that uses the same password anywhere will eventually get what they deserve, hacked.

I never use the same password on 2 different services and it's never just a word you could find in the dictionary either which is why I'm not worried if anyone ever gets one password, so what, now I have a problem with just one login.

Remembering unique passwords really isn't that hard except the ones you create when drunk and those can sometimes be a challenge to remember when (if) you're sober again ;)

Andy Langton




msg:4462436
 1:22 pm on Jun 7, 2012 (gmt 0)

LinkedIn have confirmed the hack over here: [blog.linkedin.com...]

Frankly, they should be a bit more upfront about the fact that they were not storing passwords in a manner anywhere approaching secure enough for a site with so much personal information on it (i.e. they should be using salt).

Let's face it, the average user could not function with the amount of passwords they need if they used complex passwords and changed them for each site, so the onus is on sites like linkedin to at least take sufficient steps to protect such people - even if their password management is the individual's own responsibility.

It's no surprise that there are passwords like "linkedin" in the list ;)

anshul




msg:4463814
 8:38 am on Jun 11, 2012 (gmt 0)

If someone puts a intricate password, forgets it or loses the account, they can restore the account using by phone verification or by using identity proof.

Automan Empire




msg:4466312
 8:22 pm on Jun 16, 2012 (gmt 0)

As one wag put it, "What are they going to do, go in and update your resume?"

J_RaD




msg:4466350
 11:16 pm on Jun 16, 2012 (gmt 0)


As one wag put it, "What are they going to do, go in and update your resume?"


well..... if i knew every single place you worked, durations, what school you went to, and everything else in between about you. You'd be come pretty easy to clone.

rocknbil




msg:4467276
 5:11 pm on Jun 19, 2012 (gmt 0)

Well, for starters one could start spamming all the people you're linked to. There are also paid ads there and other paid services that could be abused. If it's got a login, there is some way to abuse it.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved