
Forum Moderators: incrediBILL & lawman


Report: LinkedIn User Passwords Hacked

     
1:45 pm on Jun 6, 2012 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:23265
votes: 359


According to researchers, LinkedIn user passwords have been hacked.

Top advice might be to change your password just in case it turns out true.

Report: LinkedIn User Passwords Hacked [thenextweb.com]
...LinkedIn user accounts are now said to have been compromised, with 6.5 million hashed and encrypted passwords reportedly leaked.



Our team is currently looking into reports of stolen passwords. Stay tuned for more.

http://twitter.com/LinkedInNews/status/210356986401927168
2:25 pm on June 6, 2012 (gmt 0)

Senior Member

beedeedubbleu

joined:Feb 3, 2004
posts: 6113
votes: 10


I changed mine anyway.
4:04 pm on June 6, 2012 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:23265
votes: 359


Wise move BDW, and either way, it won't do any harm.

It appears that the passwords are encrypted, so even if the hackers have them, they've yet to get to them.
10:22 pm on June 6, 2012 (gmt 0)

Moderator from GB 

andy_langton

joined:Jan 27, 2003
posts:3331
votes: 138


The passwords are very weakly encrypted (no salt) and can be easily obtained if they are short or not sufficiently complex (a matter of seconds to decrypt a 5 character password, for instance). There are actually pointers in the file that around 1/2 may already have been decrypted.

I checked the file myself, and it did indeed contain my password, which was unique to LinkedIn. Many others have reported that their unique/randomly generated passwords are also in the file.

Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.
11:46 am on June 7, 2012 (gmt 0)

Administrator from US 

incredibill

joined:Jan 25, 2005
posts:14650
votes: 94


Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.


People that use the same password anywhere will eventually get what they deserve, hacked.

I never use the same password on 2 different services and it's never just a word you could find in the dictionary either which is why I'm not worried if anyone ever gets one password, so what, now I have a problem with just one login.

Remembering unique passwords really isn't that hard except the ones you create when drunk and those can sometimes be a challenge to remember when (if) you're sober again ;)
1:22 pm on June 7, 2012 (gmt 0)

Moderator from GB 

andy_langton

joined:Jan 27, 2003
posts:3331
votes: 138


LinkedIn have confirmed the hack over here: [blog.linkedin.com...]

Frankly, they should be a bit more upfront about the fact that they were not storing passwords in a manner anywhere approaching secure enough for a site with so much personal information on it (i.e. they should be using salt).

Let's face it, the average user could not function with the amount of passwords they need if they used complex passwords and changed them for each site, so the onus is on sites like LinkedIn to at least take sufficient steps to protect such people - even if their password management is the individual's own responsibility.

It's no surprise that there are passwords like "linkedin" in the list ;)
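
An added illustration of the "no salt" point made in the two andy_langton posts above (not part of any forum post, and not LinkedIn's code): it contrasts storing a fast unsalted hash with storing a per-account salt plus a slow key-derivation function. The account names, passwords, the choice of SHA-1 for the unsalted case and the PBKDF2 iteration count are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users chose the same password.
ACCOUNTS = {"alice": "linkedin", "bob": "linkedin", "carol": "x9!Trq#72vLm"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def unsalted_digest(password):
    """Fast hash with no salt (SHA-1 is an assumption for illustration)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password, salt=None):
    """Return (salt, digest) using a per-account random salt and a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], digest)


def accounts_sharing_a_value(stored_values):
    """Count accounts whose stored value is identical to another account's."""
    counts = Counter(stored_values)
    return sum(n for n in counts.values() if n > 1)


if __name__ == "__main__":
    plain = [unsalted_digest(p) for p in ACCOUNTS.values()]
    salted = [salted_record(p)[1] for p in ACCOUNTS.values()]
    print("unsalted, accounts sharing a stored value:", accounts_sharing_a_value(plain))
    print("salted,   accounts sharing a stored value:", accounts_sharing_a_value(salted))
```

Without a salt, every account using a common password stores the same value, so one computed hash matches all of them; with a per-account salt each record has to be worked on separately and at the KDF's cost.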
8:38 am on June 11, 2012 (gmt 0)

Full Member

10+ Year Member

joined:July 25, 2004
posts:311
votes: 0


If someone puts an intricate password, forgets it or loses the account, they can restore the account by phone verification or by using identity proof.
8:22 pm on June 16, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 22, 2005
posts:195
votes: 0


As one wag put it, "What are they going to do, go in and update your resume?"
11:16 pm on June 16, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2006
posts:1661
votes: 10



As one wag put it, "What are they going to do, go in and update your resume?"


Well... if I knew every single place you worked, durations, what school you went to, and everything else in between about you, you'd become pretty easy to clone.
5:11 pm on June 19, 2012 (gmt 0)

Senior Member

rocknbil

joined:Nov 28, 2004
posts:7999
votes: 0


Well, for starters one could start spamming all the people you're linked to. There are also paid ads there and other paid services that could be abused. If it's got a login, there is some way to abuse it.