Reports have been circulating that more than 6 million hashed user passwords have been stolen from the popular LinkedIn site and posted on the internet. LinkedIn representatives initially declined to confirm the stories, saying only that the matter was under investigation. They have now confirmed that the reports are indeed factual.
It has also been confirmed that the original Russian hacker and his/her cohorts have now cracked around 60% of the stolen hashed passwords, which amounts to around 3.5 million passwords now on public record.
If you are a LinkedIn member please go to THIS PAGE and read through the advice posted by LinkedIn Director Vicente Silveira.
NOTE: In the announcement from LinkedIn, Vicente Silveira mentions that they are now ‘salting’ the passwords, which adds an extra layer of protection by slowing down hackers who are attempting to brute-force the passwords. I wonder if the words… ‘shutting the stable door after the horse has already bolted’ mean anything to them!
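As an added illustration (not code from LinkedIn's announcement or from this post), the Python below contrasts unsalted storage with per-user salted storage for a constructed set of accounts, and counts the hash computations a weak-password audit needs in each case; the user names, passwords and word list are all made up.

```python
import hashlib
import secrets

# Constructed sample accounts (not real breach data); alice and bob reuse one password.
USERS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",
    "carol": "k9#Vm!qR2xLp",
}
# Constructed list of common passwords an auditor would check stored hashes against.
WEAK_WORDS = ["password", "123456", "linkedin", "linkedin2012", "qwerty"]


def sha256_hex(data: bytes) -> str:
    """SHA-256 stands in for whatever fast hash a site might use; see note below."""
    return hashlib.sha256(data).hexdigest()


def store_unsalted(users):
    """Unsalted storage: hash = H(password). Equal passwords give equal hashes."""
    return {u: sha256_hex(p.encode()) for u, p in users.items()}


def store_salted(users):
    """Salted storage: hash = H(salt || password) with a random per-user salt
    kept next to the hash. The salt is not secret; it only has to be unique."""
    table = {}
    for u, p in users.items():
        salt = secrets.token_bytes(16)
        table[u] = (salt.hex(), sha256_hex(salt + p.encode()))
    return table


def audit_unsalted(table, words):
    """Find accounts whose hash matches a weak word. One hash per word covers
    every account at once, and such a lookup table can be built in advance."""
    lookup = {sha256_hex(w.encode()): w for w in words}  # len(words) hashes
    hits = {u: lookup[h] for u, h in table.items() if h in lookup}
    return hits, len(words)


def audit_salted(table, words):
    """Same audit against salted hashes: every word must be re-hashed with each
    account's own salt, so the work grows with the number of accounts."""
    hits, hash_ops = {}, 0
    for u, (salt_hex, h) in table.items():
        salt = bytes.fromhex(salt_hex)
        for w in words:
            hash_ops += 1
            if sha256_hex(salt + w.encode()) == h:
                hits[u] = w
    return hits, hash_ops
```

Salting alone only multiplies the work by the number of accounts; a deliberately slow password hash such as bcrypt, scrypt or PBKDF2 is what makes each individual guess expensive.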
eHarmony representative Becky Teraoka has announced that the company is resetting passwords for affected users. Unfortunately, eHarmony doesn’t go into much detail about the security incident – saying only that “a small fraction” of its userbase has been affected, and there appears to be no information available as to how the security breach actually occurred.
As with the LinkedIn case, eHarmony user passwords have been exposed in the form of hashes – it is believed that more than one million eHarmony passwords were uploaded to websites, where hackers were again encouraged to collaborate in cracking them.
Read through Becky Teraoka’s announcement HERE.
DCT’s Advice: Any affected LinkedIn or eHarmony members who use the same, or even similar, passwords on other sites should change all of those passwords as soon as possible.
I don’t use LinkedIn myself, and as for eHarmony – well, the only thing I know about that organization, apart from the obvious, is that their TV ads are extremely irritating. Still, it all begs the question – why are these sites/organizations not protecting their databases, and ultimately their users, much more effectively?