[personal profile] jducoeur
I just sent this around at work, but it could probably use a signal-boost here as well:

http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/

Summary: it appears that LinkedIn got hacked, and ~8 million passwords were stolen. (This is not confirmed, but seems to be the consensus in the security community.)

Now before anybody panics, that’s far from all of them: it’s a small subset of LinkedIn’s DB. And they were stolen in hashed form: LinkedIn wasn’t so incompetent as to store them in plaintext.

That said, their security was apparently weak, and the hashes are relatively weak and crackable: determined hackers are blowing through the easy ones quickly, and are making their way through the rest. And the 8 million that were posted may just be a subset of what was stolen.

So: if you have a LinkedIn account, change your password *now*. If you use the same password for other sites, it would be advisable to change it there as well, since it isn't hard to go from a LinkedIn account and start making guesses about accounts elsewhere on the Internet.

(no subject)

Date: 2012-06-07 12:52 pm (UTC)
From: [identity profile] aneirin-awenyd.livejournal.com
Supposedly LinkedIn has contacted (is contacting? will be contacting?) those whose passwords were affected and their old passwords are no longer valid.

http://www.bbc.co.uk/news/technology-18351986

So if I don't get a (real) e-mail from LinkedIn and I was able to log in with my old password when I went to change it, can I reasonably let myself believe that my info wasn't stolen?
