TechWeekEurope UK. LinkedIn: Password Breach Cost Us As Much As $1m. The LinkedIn hack and lessons learned. LinkedIn: No accounts hacked as result of stolen passwords. LinkedIn today updated its users on the stolen password fiasco that arose last week in which 6.4 million passwords were illegally obtained and posted on a Russian Web site.
According to a blog post from LinkedIn’s Vicente Silveira, the company has received no reports that member accounts have been breached as a result of the stolen passwords. Silveira also said that the company is working with the FBI to “aggressively pursue the perpetrators of this crime.” “First, it’s important to know that compromised passwords were not published with corresponding email logins,” Silveira wrote. “At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. Analysis of Passwords Dumped from LinkedIn. I love taking a look at dumped passwords and analyzing them with Pipal by DigiNinja.
Pipal is a great analytical program that takes a password dump and looks for patterns, including password lengths and complexities. I have always liked statistics and you can learn a lot from running passwords through Pipal. I took a quick look at Pastebin and found that Stefan Venken (@StefanVenken) had already taken almost a million and a half of the LinkedIn passwords and analyzed them with Pipal. LinkedIn dials 911 on password mega-leak hackers. How Charles Dickens helped crack your LinkedIn password. Kevin Young, a computer security expert who studies passwords, is nearly at a loss for words.
Literally. Young and his colleagues are working to decode some 2.6 million scrambled LinkedIn passwords, part of a total of 6.1 million released earlier this week on a Russian password cracking forum. Young studies how people pick passwords and how resistant they are to cracking. The data that was released were password hashes, or cryptographic representations of passwords churned through an algorithm called SHA-1. For example, if a person's password is "Rover" the SHA-1 hash would be "ac54ed2d6c6c938bb66c63c5d0282e9332eed72c."
Avoiding Password Breaches 101: Salt Your Hash. “Change your passwords now.
Like, every password you use on every website you have ever visited.” You may have heard this advice from tech publications and mainstream rags after password leaks were discovered at LinkedIn, eHarmony and Last.fm. It is a good idea to change passwords at least a couple times a year anyway. But the problem does not lie solely with the users. It also lies with the way companies approach password security. LinkedIn's security issue reveals obvious: Passwords, users always a weak link.
The years change, but the stories remain the same.
Passwords are a crappy defense and most of us use poor ones in exchange for ease of use. Some LinkedIn users had their passwords stolen. Phishing attacks ensued to prey on LinkedIn users. Now eHarmony has had issues. How To Protect Your Hacked LinkedIn Account. LinkedIn confirms it was hacked; a dating site is also affected. Check whether your LinkedIn password has been hacked. 'I wish I was dead': Leaked LinkedIn passwords show that not EVERYONE is in love with their job. If it turns out that LinkedIn passwords have leaked... - Unscrewing Security. Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source.
Updating Your Password on LinkedIn and Other Account Security Best Practices. Our security team continues to investigate this morning’s reports of stolen passwords.
At this time, we’re still unable to confirm that any security breach has occurred. You can stay informed of our progress by following us on Twitter @LinkedIn and @LinkedInNews. An Update on LinkedIn Member Passwords Compromised. We want to provide you with an update on this morning’s reports of stolen passwords.
We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts: 6.5 Million LinkedIn Password Hashes Leaked. Some observations on this file: 0.
This is a file of SHA1 hashes of short strings (i.e. passwords). 1. There are 3,521,180 hashes that begin with 00000. LinkedIn confirms 'some' passwords leaked. Computerworld - In response to widespread reports of a massive data breach at LinkedIn, the company Wednesday confirmed that passwords belonging to "some" of its members have been compromised.
In a carefully worded blog post, LinkedIn director Vicente Silveira said the company has confirmed that an unspecified number of hashed passwords posted publicly on a Russian hacker forum earlier this week, "correspond to LinkedIn accounts." Silveira made no mention of how the passwords may have ended up on the forums but noted that LinkedIn is continuing to investigate. "Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid," Silveira said. More than 6 million LinkedIn passwords likely stolen - Jun. 6. Researchers say a stash of what appear to be LinkedIn passwords were protected by a weak security scheme. NEW YORK (CNNMoney) -- Russian hackers released a giant list of passwords this week, and on Wednesday security researchers identified their likely source: business social networking site LinkedIn.
LinkedIn (LNKD) confirmed in a blog post late Wednesday afternoon that some of the stolen passwords correspond to LinkedIn accounts. The company did not offer any information about how the passwords were stolen or the extent of the damage, but it said it is "continuing to investigate" the matter. Dating site eHarmony also announced Wednesday that some of its users' passwords were stolen in the attack. If LinkedIn Hasn't Fixed Its Massive Security Breach, A New Password May Not Be Enough. Change Your LinkedIn Password Right Now! Two Security Firms Say They Verified LinkedIn Breach - Digits. Change Your LinkedIn Password Immediately. Don't Worry About LinkedIn's Calendar Sync.