
LinkedIn Confirms Password Theft; eHarmony Hacked Too

Source: LinkedIn

LinkedIn has confirmed that passwords were stolen by a hacker, and has reset the affected accounts. eHarmony also suffered an assault by the same hacker.

LinkedIn confirmed on Wednesday that passwords were indeed stolen by a hacker. The confirmation came after a Russian forum user reportedly hacked into LinkedIn and uploaded 6,458,020 passwords (without usernames) as proof. The passwords were hashed with the SHA-1 cryptographic hash function that's used in SSL and TLS.

"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," the company said Wednesday night. "We are continuing to investigate this situation."

LinkedIn users will know that they were on the hacker's list when trying to log in, as their password will no longer be valid. These members will also receive an email from LinkedIn with instructions on how to reset their passwords -- there will not be any links in this email. Affected users will also receive an email from the Customer Support team providing "more context on this situation and why they are being asked to change their passwords."

"It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," the company said.

BusinessWeek reports that the Irish Data Protection Commissioner’s Office may start an investigation into LinkedIn's data breach. Gary Davis, Ireland’s deputy data-protection commissioner, said that the incident falls within the area that can be investigated under the agency’s code of practice on data breaches. Irish privacy regulators could even stick LinkedIn with a hefty fine over the password fiasco.

"We are in ongoing contact with LinkedIn in relation to the matter," Davis said in an e-mail. "I am not in a position to indicate how we will be progressing."

Meanwhile, the same hacker who stole the LinkedIn passwords -- aka "dwdm" -- also hacked into online dating site eHarmony, running off with 1.5 million passwords and posting them online at insidepro.com in a second list. As with the LinkedIn leak, usernames were not attached to the passwords, but it's assumed that the information is available to the hackers who obtained the list, and possibly available to others on underground forums.

As with LinkedIn, eHarmony wouldn't verify the number of passwords that were actually stolen, or how the hacker gained access to the information. "After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate," the company said in a blog post.

eHarmony has followed LinkedIn's lead and reset the passwords of affected accounts. It also provided a list of steps users need to take to secure their accounts, such as creating a stronger password using letters, numbers and symbols; changing the password every few months; and not using the same password for every website.

On Thursday, security researcher Adi Sharabani said that LinkedIn's security breach should be a wake-up call for a social website that has quietly grown popular under the radar over the last few years. The company should look carefully at how its data is protected, what data it collects and how that all matches up with its terms of service.

"Sometimes a security issue is what’s needed for a company to take extremely seriously safety, security and privacy," Nigam told the Washington Post.

Top Comments
  • 16
    igot1forya , June 7, 2012 7:41 PM
    If I were a news headline writer, I'd write, "Hackers get intimate with eHarmony, users get violated" or "LinkedIn updates resume' to include p0wned"

    :) 
Other Comments
  • 4
    gmarsack , June 7, 2012 7:46 PM
    My vote is for "Hackers get intimate with eHarmony, users get violated". Nice one bro!
  • 3
    internetlad , June 7, 2012 8:05 PM
    Yeah, but you forget this article was written by Kevin Parrish. To be honest, I'm surprised he managed to write an article title without "nuke" or a string of 1337 gamer jargon in the title
  • -3
    freggo , June 7, 2012 8:43 PM
    gmarsack: My vote is for "Hackers get intimate with eHarmony, users get violated". Nice one bro!

    Or better "Hacker gets caught and violated by big Babba and his buds in the showers"

    I am so sick and tired of these glorified criminals. It is time to revoke their ability to hack.
    Single cell with only a 300baud modem :-)
  • 1
    thecolorblue , June 7, 2012 9:53 PM
    perhaps something good can come out of incidents such as these... shows how nuts people have to be to use "cloud" services for anything personal or valuable.

    perhaps toms will write an article about the inherent and inescapable security risks that are associated with cloud services?
  • 0
    Zingam_Duo , June 7, 2012 10:22 PM
    Stallman was right :D  No passwords = No password theft!
  • 3
    Zingam_Duo , June 7, 2012 10:23 PM
    freggo: Or better "Hacker gets caught and violated by big Babba and his buds in the showers" I am so sick and tired of these glorified criminals. It is time to revoke their ability to hack. Single cell with only a 300baud modem :-)


    Or maybe you could ask the CEOs of the affected companies how much is their bonus and how much they pay for security :D  Maybe something like 10:1 :D 
  • 0
    f-14 , June 8, 2012 2:13 AM
    internetlad: Yeah, but you forget this article was written by Kevin Parrish. To be honest, I'm surprised he managed to write an article title without "nuke" or a string of 1337 gamer jargon in the title

    lulz which is worse kevin or yahoo sports writer chris chase?
  • 1
    rantoc , June 8, 2012 4:34 AM
    What is collecting all data at one spot rather than individual systems?
    What is available 24/7 to hackers compared to individual systems that are turned off when not used?
    What is NOT unhackable and it has been proven over and over?

    - The cloud!

    Only a lunatic would have sensitive information stored in the cloud until there is an unhackable system yet the corporations want you to store all your life there just waiting to get picked up!
  • 0
    eddieroolz , June 8, 2012 2:48 PM
    What's happening to all these companies...
  • 0
    RADIO_ACTIVE , June 8, 2012 3:29 PM
    Hackers need a date but don't want to sign up for the service lol /jk of course