#1
Change Your LinkedIn Password Right Now!
6.5 million encrypted LinkedIn passwords have leaked, reports Norwegian IT site Dagens IT (found via The Next Web). The passwords were shared via a Russian hacker site, and security researcher Per Thorsheim confirms that the leak is legit. LinkedIn hasn't offered any statement on the incident at the time of this writing, but we would strongly suggest changing your password.

Read more: http://www.businessinsider.com/linke...#ixzz1x2WF2kJG
#3
LinkedIn just confirmed data breach. http://blog.linkedin.com/2012/06/06/...s-compromised/
#5
An Update on LinkedIn Member Passwords Compromised
Vicente Silveira, June 6, 2012

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.

These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.

http://blog.linkedin.com/2012/06/06/...s-compromised/
#6
It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

That is website security 101. Whoever is in charge of IT and LinkedIn needs to be on the unemployment line.

Of course idiot end users, yes I am talking to YOU, the jerk who is surfing Facebook on company time, who select "password" as their password for every site they visit deserve to have their bank accounts drained. Learn how to pick proper passwords. Your maiden name, the names of your dogs or children, your address, 123456, are all STUPID PASSWORDS that anyone can guess. Hackers can run the entire frakin' dictionary on a password database in seconds. The best passwords are random numbers, letters, and symbols. If you can't remember such passwords then get a password program like KeePass or an online password service like lastpass.com. Then you only have to remember one password stored locally on your computer.
#7

#8
That is website security 101. Whoever is in charge of IT and LinkedIn needs to be on the unemployment line.
#9
MD5 hashed only. No salting. MD5 was being cracked some time back and no salt is stupid. Microsoft revoked several certificates last Sunday because of the Flame spyware, which also was a cracking of MD5. You can run dictionary attacks against such hashes now and it doesn't take much equipment. GPUs are great for such things.

Not that any of that matters much. If they can download your shadow password file they have root access and own the system. They could rewrite code to capture the passwords as people enter them. Most hackers aren't really doing much of that. They just steal passwords and user names, which are often email addresses, and try and crack them. As many fools, er, internet users use the same login information everywhere, it isn't hard to find financial logins that match. Watch your credit cards, people.
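The difference between the unsalted fast hash this post describes and the "hashing and salting" mentioned in LinkedIn's statement, shown as an added example that is not part of the thread. The account names and passwords are constructed, and PBKDF2-HMAC-SHA256 is an assumed stand-in for a salted scheme, since the page does not say which algorithm LinkedIn adopted.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the leak); two users share a weak password.
ACCOUNTS = {"alice": "password", "bob": "password", "carol": "x9!Lq#27vTz"}

def store_unsalted_md5(password):
    """Weak scheme as described in the post: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def store_salted(password, iterations=200_000):
    """Hardened scheme (assumed): per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

def users_sharing_a_stored_value(stored_by_user):
    """Groups of users whose stored value is identical, as seen in a leaked dump."""
    groups = {}
    for user, stored in stored_by_user.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_tables():
    unsalted = {u: store_unsalted_md5(p) for u, p in ACCOUNTS.items()}
    salted = {u: store_salted(p) for u, p in ACCOUNTS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    # Unsalted: identical passwords collapse to one digest, so a single
    # dictionary guess is checked against every account at once.
    print("unsalted duplicates:", users_sharing_a_stored_value(unsalted))
    # Salted: every record is unique, so each guess must be recomputed per user.
    salted_keys = {u: rec[2] for u, rec in salted.items()}
    print("salted duplicates:  ", users_sharing_a_stored_value(salted_keys))
    print("login still works:  ", verify_salted("password", salted["alice"]))
```

The salt does not need to be secret; it is stored next to the derived key and only has to be unique per account.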
#10
MD5 hashed only. No salting. MD5 was being cracked some time back and no salt is stupid. Microsoft revoked several certificates last Sunday because of the Flame spyware, which also was a cracking of MD5. You can run dictionary attacks against such hashes now and it doesn't take much equipment. GPUs are great for such things.

The only time I was keylogged it was so someone could gain access to my World of Warcraft account & steal my fake gold & sell my fake gear so they could turn around & sell it for Real money. LOL!
#11