LinkedIn Passwords apparently stolen
I just sent this around at work, but it could probably use a signal-boost here as well:
http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
Summary: it appears that LinkedIn got hacked, and ~8 million passwords were stolen. (This is not confirmed, but seems to be the consensus in the security community.)
Now before anybody panics, that’s far from all of them: it’s a small subset of LinkedIn’s DB. And they were stolen in hashed form: LinkedIn wasn’t so incompetent as to store them in plaintext.
That said, their security was apparently weak, and the hashes are relatively weak and crackable: determined hackers are blowing through the easy ones quickly, and are making their way through the rest. And the 8 million that were posted may just be a subset of what was stolen.
So: if you have a LinkedIn account, change your password *now*. If you use the same password for other sites, it would be advisable to change it there as well, since it isn't hard to go from a LinkedIn account and start making guesses about accounts elsewhere on the Internet.
no subject
http://www.bbc.co.uk/news/technology-18351986
So if I don't get a (real) e-mail from LinkedIn and I was able to log in with my old password when I went to change it, can I reasonably let myself believe that my info wasn't stolen?
no subject
Anecdotally, it looks like a pretty hefty chunk of the password file got stolen: discussions I've seen in the tech community seem to be evenly split between people who found their (relatively secure) passwords in the posted file and those who didn't.
But the article is a good reminder to be cautious -- the scam described there sounds relatively innocuous, but it does serve as a reminder that more-serious phishing scams are pretty much certain under the circumstances...