Welcome to WebmasterWorld Guest from 54.166.191.159

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Report: LinkedIn User Passwords Hacked

     
1:45 pm on Jun 6, 2012 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



According to researchers, LinkedIn user passwords have been hacked.

Top advice might be to change your password just in case it turns out true.

Report: LinkedIn User Passwords Hacked [thenextweb.com]
...LinkedIn user accounts are now said to have been compromised, with 6.5 million hashed and encrypted passwords reportedly leaked.



Our team is currently looking into reports of stolen passwords. Stay tuned for more.

http://twitter.com/LinkedInNews/status/210356986401927168
2:25 pm on Jun 6, 2012 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I changed mine anyway.
4:04 pm on Jun 6, 2012 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Wise move BDW, and either way, it won't do any harm.

It appears that the passwords are encrypted, so even if the hackers have them, they've yet to get to them.
10:22 pm on Jun 6, 2012 (gmt 0)

WebmasterWorld Senior Member andy_langton is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The password are very weakly encrypted (no salt) and can be easily obtained if they are short or not sufficiently complex (a matter of seconds to decrypt a 5 character password, for instance). There are actually pointers in the file that around 1/2 may already have been decrypted.

I checked the file myself, and it did indeed contain my password, which was unique to LinkedIn. Many others have reported that their unique/randomly generated passwords are also in the file.

Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.
11:46 am on Jun 7, 2012 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.


People that uses the same password anywhere will eventually get what they deserve, hacked.

I never use the same password on 2 different services and it's never just a word you could find in the dictionary either which is why I'm not worried if anyone ever gets one password, so what, now I have a problem with just one login.

Remembering unique passwords really isn't that hard except the ones you create when drunk and those can sometimes be a challenge to remember when (if) you're sober again ;)
1:22 pm on Jun 7, 2012 (gmt 0)

WebmasterWorld Senior Member andy_langton is a WebmasterWorld Top Contributor of All Time 10+ Year Member



LinkedIn have confirmed the hack over here: [blog.linkedin.com...]

Frankly, they should be a bit more upfront about the fact that they were not storing passwords in a manner anywhere approaching secure enough for a site with so much personal information on it (i.e. they should be using salt).

Let's face it, the average user could not function with the amount of passwords they need if they used complex passwords and changed them for each site, so the onus is on sites like linkedin to at least take sufficient steps to protect such people - even if their password management is the individual's own responsibility.

It's no surprise that there are passwords like "linkedin" in the list ;)
8:38 am on Jun 11, 2012 (gmt 0)

10+ Year Member



If someone puts a intricate password, forgets it or loses the account, they can restore the account using by phone verification or by using identity proof.
8:22 pm on Jun 16, 2012 (gmt 0)

10+ Year Member



As one wag put it, "What are they going to do, go in and update your resume?"
11:16 pm on Jun 16, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member




As one wag put it, "What are they going to do, go in and update your resume?"


well..... if i knew every single place you worked, durations, what school you went to, and everything else in between about you. You'd be come pretty easy to clone.
5:11 pm on Jun 19, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Well, for starters one could start spamming all the people you're linked to. There are also paid ads there and other paid services that could be abused. If it's got a login, there is some way to abuse it.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month