Techlicious: Millions of LinkedIn & eHarmony Passwords Stolen

By Josh Kirschner for Techlicious

LinkedIn & eHarmony Confirm Passwords Were Hacked

Professional networking site LinkedIn and dating site eHarmony confirmed yesterday that millions of user passwords have been stolen from their databases and posted on the Internet. If you are a user of either of these services, it’s critical that you change your password immediately on these sites, as well as any other sites for which you use the same password, especially for email, banking or other sensitive data.

The breach was identified when the hacker(s) posted the list of 8 million encrypted passwords to a hacker forum for help with breaking the encryption code. Sophos security is reporting that more than 60% of the passwords have already been cracked.

Worse, while the 8 million passwords posted represent only a small portion of the total users of the sites, some security experts suspect that the hacker(s) may have access to the full password list and only posted those that they were having difficulty cracking. Rick Redman, a security consultant for Kore Logic Security, told Ars Technica, “It’s pretty obvious that whoever the bad guy was cracked the easy ones and then posted these, saying, ‘These are the ones I can’t crack.’”

This excerpt appears with permission from Techlicious.

TechTalk Notes:

Email Communication to LinkedIn Users (06/09/2012)

We recently became aware that some LinkedIn passwords were compromised and posted on a hacker website. We immediately launched an investigation and we have reason to believe that your password was included in the post.

To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event. While a small subset of the passwords was decoded and published, we do not believe yours was among them.

The security of your account is very important to us at LinkedIn. As a precaution, we disabled your password, and advise you to take the following steps to reset it. If you reset your password in the last two days, there is no need for further action.

1. Type directly into your browser
2. Type in your email address and press Sign In, no password necessary
3. Follow the on-screen directions to reset your password

Note: Do not reuse your old password when creating your new password.
If you have been using your old LinkedIn password on other sites, we recommend that you change those passwords too. We appreciate your immediate attention to resetting your password and apologize for the inconvenience.

Thank you,
The LinkedIn Team

14 thoughts on “Techlicious: Millions of LinkedIn & eHarmony Passwords Stolen”

  1. Hey, The LinkedIn Team…if people had any sense they'd stay a million miles away from you anyway! I've never seen such a number of deceptive tactics that you use. You send out phony messages. I've received many supposedly from certain people, and I know for a fact that these folk never sent it. I don't like your using my name, numerous times with different emails of mine and different spellings, to send to people I know, on my behalf! I wouldn't send these either. You deceive people by telling them that it comes from someone they trust, and at least 85% of the time it's a blatant lie!

    You KNOW what you're doing! and it's disgusting!

  2. Chase online also uses the "send you a code" method for security. It stinks to have to do it, but it's worth it if it protects my identity. Thanks for the article I hadn't heard this and changed my password immediately. Now I'm going to change them all, all one hundred of them. ha ha!

  3. Here in Hong Kong and in China when you open a bank account you are given a keychain algorithm device and each time you want to log in you must type your username, password, and a unique code from the algorithm device which is only good for about ninety seconds after you push the button on the device. Impossible to crack and so easy to implement.

      • @Kenny G. Smith: Betting that game is World of Warcraft; a device just like that can be purchased from their online store. Provides the highest level of security for accounts in the game.

    • sorry for the late reply. been away from email for a few weeks. this algorithm keychain device has been in hong kong and china for as long as i've been here, since 2006. i don't know when it was first introduced though.

  4. And THAT is why the text message thing where they send you a 1-time useable code to access a website is undefeatable. You also must supply the password but the access code is only accessible when it is sent to YOUR phone. Pretty much very difficult to hijack your account using this method if not impossible. Paypal has instituted it and it works great. Very easy. Gives you a feeling of safety like never before. You could even have a keyboard logger and it wouldn't work for the bad guys. Yeah Baby!

  5. I did what you said to do to reset my p/w but I could not get into the reset function. It kept telling me that you needed to reset my password so go to my email. I followed it exactly but could not get in to change my p/w. Help, I’m stuck in limbo here!?
