LinkedIn passwords stolen

Blogs, Facebook, Twitter, and promoting your book on the Internet
Post Reply
Doug Pardee
Posts: 146
Joined: February 18th, 2011, 6:56 pm
Contact:

LinkedIn passwords stolen

Post by Doug Pardee » June 6th, 2012, 3:36 pm

If you have a LinkedIn account, you should seriously consider changing the password immediately. Millions of LinkedIn passwords, perhaps all of them, have been stolen.

News story: http://arstechnica.com/security/2012/06 ... -linkedin/

LinkedIn's Twitter feed: https://twitter.com/#!/LinkedInNews

The same happened to eHarmony, but that's not really relevant to this board.

Edit 12:45 PM PDT LinkedIn now confirms password theft. They're disabling access to compromised accounts. See their blog posting:
http://blog.linkedin.com/2012/06/06/lin ... mpromised/

User avatar
Mira
Posts: 1354
Joined: December 7th, 2009, 9:59 am
Contact:

Re: LinkedIn passwords stolen

Post by Mira » June 9th, 2012, 4:12 pm

Thanks Doug!

I heard about this. I'm debating. Such a pain in the neck to go change all my passwords, although it's probably a good idea to do it every couple of months anyway. I'll have to get organized!

Frankly, I haven't used Linkin that much. Not really sure what you're supposed to do once you sign up and connect with some folks....

Does anyone really know how to use Linkin well? I'd be curious.

writersink
Posts: 167
Joined: October 31st, 2011, 12:30 pm
Contact:

Re: LinkedIn passwords stolen

Post by writersink » June 10th, 2012, 5:44 am

Mira wrote:
Does anyone really know how to use Linkin well? I'd be curious.
I haven't even heard of it :)

lindsayB3462
Posts: 21
Joined: August 25th, 2012, 7:44 am
Contact:

Re: LinkedIn passwords stolen

Post by lindsayB3462 » September 5th, 2012, 4:46 am

ha? didn't know about it. This post is from June. So, I am three months late. I am going to change the password now. Any suggestions regarding preventing the password stealing?

Doug Pardee
Posts: 146
Joined: February 18th, 2011, 6:56 pm
Contact:

Securing passwords

Post by Doug Pardee » September 5th, 2012, 1:27 pm

lindsayB3462 wrote:Any suggestions regarding preventing the password stealing?
You can't do anything about passwords being stolen. That's up to the web site operators. And 100% security is impossible.

Provided that the web site has encrypted the passwords, you can make your password harder to decrypt. In recent years the hackers have developed some incredibly powerful tools such as rainbow tables and gigantic lists of actual passwords that have been used in the past, and any advice on password-picking that's more than a few years old is probably out-of-date. Here's an article that's kind-of techy, but makes the point that it's gotten darned hard to pick a password that isn't easily decrypted: http://arstechnica.com/security/2012/08 ... r-assault/ [Hint: length still matters. The longer the password, the harder to crack, unless it appears on a list of previously-known passwords.]

What you really must do is to stop using the same password for multiple sites. The big problem with the LinkedIn break-in wasn't that shady people could now log into your LinkedIn account, but that you probably used the same password on a bunch of different accounts, and now they have your email address(es) and the password. A simple script will try hundreds of popular sites — including most of the webmail sites — to see which ones it can log into. If they can get into your email account, they can start requesting "forgot my password" actions from other sites that you used a different password on. How bad can the result be? Wired magazine's Mat Honan recently found out: http://www.wired.com/gadgetlab/2012/08/ ... n-hacking/

For me, the LinkedIn hack was the wake-up call. Like most people, I'd been using about a half-dozen different passwords across about 150 different sites. I got a password management program — me, I went with OnePass — and started changing passwords everywhere. Every one of the web sites I access now has a different password, and OnePass takes care of supplying the correct password. It also generates random passwords for me whenever I sign up at a new site or change the password on an existing one.

Now, if hackers break into a site and get my password, at most they'll have my password to that one site. And if that site properly encrypted my password, the hackers probably won't even be able to get even that much.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest