BeeDeeDubbleU

msg:4462060 | 2:25 pm on Jun 6, 2012 (gmt 0) |
I changed mine anyway.
|
engine

msg:4462093 | 4:04 pm on Jun 6, 2012 (gmt 0) |
Wise move BDW, and either way, it won't do any harm. It appears that the passwords are encrypted, so even if the hackers have them, they've yet to get to them.
|
Andy Langton

msg:4462223 | 10:22 pm on Jun 6, 2012 (gmt 0) |
The passwords are very weakly encrypted (no salt) and can be easily obtained if they are short or not sufficiently complex (a matter of seconds to decrypt a 5 character password, for instance). There are actually pointers in the file that around 1/2 may already have been decrypted. I checked the file myself, and it did indeed contain my password, which was unique to LinkedIn. Many others have reported that their unique/randomly generated passwords are also in the file. Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.
|
incrediBILL

msg:4462416 | 11:46 am on Jun 7, 2012 (gmt 0) |
| Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP. |
| People that use the same password anywhere will eventually get what they deserve, hacked. I never use the same password on 2 different services and it's never just a word you could find in the dictionary either, which is why I'm not worried if anyone ever gets one password, so what, now I have a problem with just one login. Remembering unique passwords really isn't that hard except the ones you create when drunk and those can sometimes be a challenge to remember when (if) you're sober again ;)
|
Andy Langton

msg:4462436 | 1:22 pm on Jun 7, 2012 (gmt 0) |
LinkedIn have confirmed the hack over here: [blog.linkedin.com...] Frankly, they should be a bit more upfront about the fact that they were not storing passwords in a manner anywhere approaching secure enough for a site with so much personal information on it (i.e. they should be using salt). Let's face it, the average user could not function with the amount of passwords they need if they used complex passwords and changed them for each site, so the onus is on sites like LinkedIn to at least take sufficient steps to protect such people - even if their password management is the individual's own responsibility. It's no surprise that there are passwords like "linkedin" in the list ;)
|
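The storage difference raised in the posts above (no salt versus salt), as an added example that is not part of the thread or LinkedIn's code: it stores the same constructed accounts once with a single unsalted fast hash and once with a per-user salt and a slow KDF, then counts how many stored values are shared between accounts. SHA-1 stands in for "a fast unsalted hash" as an assumption, PBKDF2 is one possible salted scheme, and the account names, passwords and iteration count are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users happen to share a password.
ACCOUNTS = {"alice": "linkedin", "bob": "linkedin", "carol": "T7#qv!Lr9zP2"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def unsalted_record(password: str) -> str:
    """Weak scheme: one fast hash, no salt (SHA-1 assumed for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_digests(records) -> int:
    """Count stored values that appear for more than one account."""
    counts = Counter(records)
    return sum(1 for n in counts.values() if n > 1)


def audit():
    """Store every account both ways and report shared stored values."""
    weak = [unsalted_record(p) for p in ACCOUNTS.values()]
    strong = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    return shared_digests(weak), shared_digests(d for _, d in strong.values()), strong


if __name__ == "__main__":
    weak_dupes, strong_dupes, _ = audit()
    print("unsalted: digests shared between accounts =", weak_dupes)
    print("salted:   digests shared between accounts =", strong_dupes)
```

Without a salt, every account using the same password stores the same value, so one guess is checked against the whole file at once; with a per-user salt each record has to be worked on separately.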
anshul

msg:4463814 | 8:38 am on Jun 11, 2012 (gmt 0) |
If someone puts an intricate password, forgets it or loses the account, they can restore the account by using phone verification or by using identity proof.
|
Automan Empire

msg:4466312 | 8:22 pm on Jun 16, 2012 (gmt 0) |
As one wag put it, "What are they going to do, go in and update your resume?"
|
J_RaD

msg:4466350 | 11:16 pm on Jun 16, 2012 (gmt 0) |
| As one wag put it, "What are they going to do, go in and update your resume?" |
| Well..... if I knew every single place you worked, durations, what school you went to, and everything else in between about you. You'd become pretty easy to clone.
|
rocknbil

msg:4467276 | 5:11 pm on Jun 19, 2012 (gmt 0) |
Well, for starters one could start spamming all the people you're linked to. There are also paid ads there and other paid services that could be abused. If it's got a login, there is some way to abuse it.
|