LinkedIn Leak: Change your passwords

20 replies
Bad Day For LinkedIn: 6.5m Hashed Passwords Reportedly Leaked

Pretty much says it all. Good idea to change your passwords now. And pick something strong enough to avoid simple dictionary attacks, as usual.
#change #leak #linkedin #passwords
  • This is an area where the internet as a whole has to get better.
  • Profile picture of the author Ewan Lumsden
    Banned
    Changed it now
  • Profile picture of the author sonicadam123
    Thanks for the heads-up Paul!

    By the looks of it this could be a rumour... but always best to be safe than sorry.

    Would be good to know if they got usernames/emails for sure, hopefully LinkedIn will give us more on it asap.
    • Profile picture of the author Paul Myers
      Adam,
      By the looks of it this could be a rumour
      Possibly. I've seen enough to make me believe it's worth posting the warning.

      The fact that LinkedIn hasn't found evidence of the crack doesn't reassure me much. Some of these efforts have been so sneaky that you can't find the backdoor/vulnerability without monitoring practices that most companies don't bother with.

      A reminder: Never use the same password on more than one site. Especially sites that are big enough to be useful targets.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      • Profile picture of the author Sandor Verebi
        Originally Posted by Paul Myers View Post

        Adam, Possibly. I've seen enough to make me believe it's worth posting the warning.

        The fact that LinkedIn hasn't found evidence of the crack doesn't reassure me much. Some of these efforts have been so sneaky that you can't find the backdoor/vulnerability without monitoring practices that most companies don't bother with.

        A reminder: Never use the same password on more than one site. Especially sites that are big enough to be useful targets.


        Paul

        ^^^ This!

        I'm always amazed at how some people are using simple passwords that are not hard to guess. But a lot of websites advise using complicated passwords - and the occasional exchange of those.

        Some never learn?

        Sandor
  • Profile picture of the author Wide
    More importantly: Do you use the same email and password for your PayPal account? If so, better change PayPal password before anything else!
  • Profile picture of the author dv8domainsDotCom
    *bumping* : This is important people.
    While you may not necessarily be affected, if you are on "the list", and you happen to use same pass across multiple accounts, simply changing your pass on LinkedIn might not be enough. (and definitely recommended to change on multiple sites if that is the case).

    Here's some technical details:
    The password list is 'hashed', meaning it is not plain text of your password.

    SHA-1 : regarded as 1 of the more secure hashing algorithms, but is not foolproof.
    The security folks here might also recognize this vulnerability : They do not use a "salted" hash, which means "cracking" an individual password (or, more correctly a list of viable SHA-1 equivalent hashes of the password) can be expedited through the use of a 'rainbow table'.

    Take some time, think about where else you use this same password, and change it in those systems as well. Don't "panic", but please do take action.

    Short tip: a "complex" password on most sites is defined as what? 8 characters, upper, lower, and a character/number combo... LENGTH, however, is better than complexity (and takes longer to crack). And can be EASIER to remember! complexRandom is semi-secure, but sort of easy to brute-force or hash-attack.

    Example (complexRandom): uC@!*d#! (8 characters; mid-level easy to brute-force, but impossible to remember...)
    Example (Long): MyPuppysNameIsFido!HeIsCute!warDotCom

    ^^^ What is that? (an easy to remember password (not mine, btw))
    the base length is nearly 30 characters, has complexity AND, a randomness that only I know about (first 3 letters of site, then DotCom or DotOrg or whatever). This means that I can use the same "base" password, and STILL have a different password at EVERY site.

    This is important to avoid the vulnerabilities introduced by password leaks like this. And, unlike complexRandom, I can actually REMEMBER it for EVERY site I go to. And because of the length, it is virtually unbreakable for sites that allow long-ish passwords.


    Rainbow Tables: Rainbow table - Wikipedia, the free encyclopedia
    More News on leak: 6.5 million LinkedIn passwords leaked: report - Technolog on msnbc.com
    Password Length vs. Complexity: Password size does matter | Security Central - InfoWorld

    Fight on warriors!
    -Kevin
    Signature
    Support a Warrior, Save Money!
    Rock Bottom Prices on Domains and Website Hosting
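
Added example, not part of Kevin's post or any code from the thread: the unsalted SHA-1 storage he describes next to a salted, deliberately slow hash, in Python. The account names, passwords and wordlist are constructed for illustration, and PBKDF2-HMAC-SHA256 with 200,000 rounds is an assumed stand-in for a hardened scheme.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "MyPuppysNameIsFido!"}
# Constructed wordlist standing in for a precomputed table of common passwords.
COMMON = ["123456", "password", "linkedin2012", "letmein"]


def unsalted_sha1(password):
    """Storage scheme described in the post: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_pbkdf2(password, salt=None, rounds=200_000):
    """Hardened form: per-user random salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify(password, salt, expected, rounds=200_000):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_pbkdf2(password, salt, rounds)
    return hmac.compare_digest(digest, expected)


def table_hits(stored, table):
    """Return accounts whose stored digest appears in a precomputed table."""
    return {user: table[h] for user, h in stored.items() if h in table}


def demo():
    # Without a salt, one table computed in advance covers every user and every leak.
    table = {unsalted_sha1(p): p for p in COMMON}
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: salted_pbkdf2(p) for u, p in USERS.items()}
    return {
        "weak_hits": table_hits(weak, table),                   # resolved by lookup alone
        "weak_shared": weak["alice"] == weak["bob"],            # same password, same digest
        "strong_shared": strong["alice"][1] == strong["bob"][1],  # salts make records differ
        "login_ok": verify("linkedin2012", *strong["alice"]),
        "login_bad": verify("letmein", *strong["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

The long passphrase is the only entry the table lookup misses, and with per-user salts the two accounts sharing a password no longer reveal that fact in the stored data.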
  • Profile picture of the author DonMarketer
    Thanks for the heads up. I've just changed my password(s)!
    Signature
    ***Traffic Is The Life Blood of Your Online Business***

    Want To Send Hoards Of Traffic To Your Website Without Paying A Penny? => Click Here!<=
  • Profile picture of the author Ken Strong
    Just came here minutes ago from LinkedIn and no mention of it on their site -- but changed pw anyway. Certainly never hurts.
      • Profile picture of the author Mark Andrews
        Banned
        Thank you Paul - much appreciated.

        Changed mine instantly to something even more complicated than before.

        Like you, I use a different and fairly complicated password for every log-in required on a website. A mixture of upper and lower case letters, numbers, and symbols.

        Too, as an added security measure I don't typically save passwords on the laptop. I keep a hardbound alphabetical address book which contains all of my passwords written down and input manually the password for any given website.

        It's an easy reference system which provides just one more extra layer of security to my accounts here and there. And of course, this data is also backed up into extra password books should I ever lose one by accident.

        A very simple system - it works a treat.

        Thank you again Paul for this info.

        Warmest regards,


        Mark Andrews
  • Profile picture of the author payment proof
    I read that earlier today. It was a horrible security breach for LinkedIn!
  • Profile picture of the author Paul Myers
    Confirmation directly from LinkedIn:

    http://blog.linkedin.com/2012/06/06/...s-compromised/
  • Profile picture of the author lafleurcreative
    Just found this leakedin.org <-- you can check to see if your password was leaked
    • Profile picture of the author Paul Myers
      Originally Posted by lafleurcreative View Post

      Just found this leakedin.org <-- you can check to see if your password was leaked
      I read a warning in a private forum earlier from someone who works at LinkedIn. The summary was: Beware of that site.


      Paul
      • Profile picture of the author RyanWasHere
        I also just heard about this... this just proves that nothing is really secure on the internet.
        Signature
        Sal-Tech Easy Packaging
        Packaging Made Simple Through Engineering and Good Design
        BAND|STRAP|WRAP|TIE|SHRINK|ERGO|SEAL|WEIGH|LOAD
        Like us on Facebook
  • Profile picture of the author daddykool
    Well done Paul, we posted this earlier, so thought the tip in it would help, as unless you use an on the fly encoder on EACH login, passwords will always be at risk on line...

    http://www.warriorforum.com/main-int...words-now.html

    For those that are serious about your passwords and secure logins, a lot of our clients with NDA / Gov approved login requirements use this:

    Lastpass.com

    Time for a sticky as 6.5 million (plus the amount not reported yet!) hacked passwords will take a long time to get round the interweb for everyone on LinkedIn to change!

    If everyone adds a LinkedIn status update now, this will get round a lot quicker
    Signature
    LAUNCHING VERY SOON > PRE-REGISTER NOW FOR A WSO THAT EVERY WARRIOR NEW & OLD CAN MAKE $$$ FROM! LIMITED PRE-LAUNCH SPACES - PM or email: JVSuperstars@gmx.com TO RESERVE A PLACE & LOCK IN A SUPER LOW LIFETIME PRICE! *** NEVER TO BE REPEATED PRICE ONLY AVAILABLE ON THE WARRIOR FORUM & OUR VERIFIED JV AFFILIATE PROVIDERS! ***
  • Profile picture of the author olavlind
    Thanks Paul,

    I actually did this yesterday. I heard about it on the radio. The way I use passwords is I have 3 different random passwords that I have memorized. Each one is 7 or 8 characters long. Then I put 2 of them together in different combinations for different sites. That makes 14-16 characters passwords randomized. For some sites that should have a little extra security I throw in two upper case letters and two non alphanumeric characters on the end.

    That has held up on all my sites so far. And I also exchange one of the random passwords every 3-12 months or so.

    Just a tip...

    ~Olav
    • Profile picture of the author Mark Andrews
      Banned
      You'll be better off using my suggestion posted above Olav. A different very long and complicated password for every single solitary website where a password is required using a combination of upper and lower case letters, numbers, and symbols.

      And use an alphabetical address book to keep them all in.

      For example...

      Under W in my password book there's the Warrior Forum.

      U: Mark Andrews
      PW: O=@3Buq4~/8Hdj2}?G97&*si


      Not at all easy to crack, and for every single site the password is completely different from the last.

      Warmest regards,


      Mark Andrews