Go Back  British Expats > Living & Moving Abroad > USA
Reload this Page >

Change your LinkedIn passwords

Change your LinkedIn passwords

Old Jun 6th 2012, 5:23 pm
  #1  
Bob
BE Site Lead
Thread Starter
 
Bob's Avatar
 
Joined: Aug 2004
Location: MA, USA
Posts: 91,715
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Change your LinkedIn passwords

Quite a lot of you folks use LinkedIn here, so thought you might be interested if you haven't already heard:

6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html

Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.

Either way, probably still worth changing your password.
Bob is offline  
Old Jun 6th 2012, 5:34 pm
  #2  
Sursum corda
 
cindyabs's Avatar
 
Joined: Sep 2002
Location: Richmond Hill, GA USA
Posts: 38,849
cindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond reputecindyabs has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by Bob View Post
Quite a lot of you folks use LinkedIn here, so thought you might be interested if you haven't already heard:

6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html

Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.

Either way, probably still worth changing your password.
I end up doing that fairly regularly anyway, since my own memory vault for those is full and I never can remember ones for less visited sites.
cindyabs is offline  
Old Jun 6th 2012, 5:36 pm
  #3  
BE Forum Addict
 
rpjs's Avatar
 
Joined: Sep 2010
Location: Sleepy Hollow, New York
Posts: 2,514
rpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond reputerpjs has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by Bob View Post
Quite a lot of you folks use LinkedIn here, so thought you might be interested if you haven't already heard:

6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html

Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.

Either way, probably still worth changing your password.
More to the point, if you've used the same password on other sites, change it there too, using a different password for every site.

I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
rpjs is offline  
Old Jun 6th 2012, 6:04 pm
  #4  
 
Nutek's Avatar
 
Joined: Apr 2012
Location: CT
Posts: 30,094
Nutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Seems there might be another issue with LinkedIn to be aware of if you use the iPhone app.
http://arstechnica.com/apple/2012/06...-linkedin-app/
Nutek is online now  
Old Jun 6th 2012, 9:20 pm
  #5  
Bob
BE Site Lead
Thread Starter
 
Bob's Avatar
 
Joined: Aug 2004
Location: MA, USA
Posts: 91,715
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by rpjs View Post
More to the point, if you've used the same password on other sites, change it there too, using a different password for every site.

I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
http://7habitsofhighlyeffectivehacke...-password.html

Basically if the hash tables haven't been salted, you're boned.

I'm guessing it's time to use KeePass to auto generate passwords, for individual sites now being a must....or use weird, long pass phrases.

http://keepass.info/
Bob is offline  
Old Jun 6th 2012, 9:21 pm
  #6  
Rootbeeraholic
 
Joined: Aug 2009
Location: Houston, Tx
Posts: 2,280
Bink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond reputeBink has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Done. Thanks for the heads up. I hadn't gotten around to checking the beeb yet today.
Bink is offline  
Old Jun 7th 2012, 12:56 am
  #7  
 
Nutek's Avatar
 
Joined: Apr 2012
Location: CT
Posts: 30,094
Nutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Looks like eHarmony got hit too.
Nutek is online now  
Old Jun 7th 2012, 1:55 am
  #8  
Bob
BE Site Lead
Thread Starter
 
Bob's Avatar
 
Joined: Aug 2004
Location: MA, USA
Posts: 91,715
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by Nutek View Post
Looks like eHarmony got hit too.
So you're saying to everyone on BE who we've told to go get married, might be in trouble too?
Bob is offline  
Old Jun 7th 2012, 12:28 pm
  #9  
 
Nutek's Avatar
 
Joined: Apr 2012
Location: CT
Posts: 30,094
Nutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by Bob View Post
So you're saying to everyone on BE who we've told to go get married, might be in trouble too?
Nutek is online now  
Old Jun 8th 2012, 3:41 pm
  #10  
 
Nutek's Avatar
 
Joined: Apr 2012
Location: CT
Posts: 30,094
Nutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Heads up... Todays winner is... Last.FM

Hacked... Check those passwords.

http://arstechnica.com/security/2012...eir-passwords/

Might be easier to list the places that havent been hacked recently.
Nutek is online now  
Old Jun 8th 2012, 3:53 pm
  #11  
BE Enthusiast
 
markwm's Avatar
 
Joined: Feb 2012
Posts: 498
markwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud of
Default Re: Change your LinkedIn passwords

Originally Posted by rpjs View Post
More to the point, if you've used the same password on other sites, change it there too, using a different password for every site.

I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
Have used hash/salt for quite some time for password protected applications and came across this a while back which looks interesting: http://bcrypt.codeplex.com/. Will be evaluating this and, if secure enough, reversing into the current application.

I simply do not understand why businesses like LinkedIn aren't choosing to use the securest possible methods to protect their clients - it's not like it would really cost them serious money to do it.
markwm is offline  
Old Jun 8th 2012, 3:59 pm
  #12  
 
Nutek's Avatar
 
Joined: Apr 2012
Location: CT
Posts: 30,094
Nutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by markwm View Post
Have used hash/salt for quite some time for password protected applications and came across this a while back which looks interesting: http://bcrypt.codeplex.com/. Will be evaluating this and, if secure enough, reversing into the current application.

I simply do not understand why businesses like LinkedIn aren't choosing to use the securest possible methods to protect their clients - it's not like it would really cost them serious money to do it.
You would think everyone would have learned their lesson from Sony. It's certainly been long enough.
Nutek is online now  
Old Jun 8th 2012, 4:18 pm
  #13  
BE Enthusiast
 
markwm's Avatar
 
Joined: Feb 2012
Posts: 498
markwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud ofmarkwm has much to be proud of
Default Re: Change your LinkedIn passwords

Originally Posted by Nutek View Post
You would think everyone would have learned their lesson from Sony. It's certainly been long enough.
Indeed though I suspect it';s becuase a lot of social networking companies are not created by professionals and only hire fresh out of college (cheap) and inexperienced developers who neither recall such incidents nor fully understand the ramifications of a poor security model.
markwm is offline  
Old Jun 8th 2012, 5:04 pm
  #14  
Bob
BE Site Lead
Thread Starter
 
Bob's Avatar
 
Joined: Aug 2004
Location: MA, USA
Posts: 91,715
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Originally Posted by markwm View Post
Indeed though I suspect it';s becuase a lot of social networking companies are not created by professionals and only hire fresh out of college (cheap) and inexperienced developers who neither recall such incidents nor fully understand the ramifications of a poor security model.
Probably a simple cost analysis at the beginning, once the site starts to take off and they figure it isn't worth it and then suddenly they get big and it becomes expensive to change things around and then becomes bad for investors to find out they're not very secure so try to hide it.

Apparently linked in is saying the emails haven't been hacked, they think, possibly. If that's the case, passwords alone aren't to much use. Bit late to be salting the passwords now though, but better late than never...
Bob is offline  
Old Jun 8th 2012, 5:10 pm
  #15  
 
Nutek's Avatar
 
Joined: Apr 2012
Location: CT
Posts: 30,094
Nutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond reputeNutek has a reputation beyond repute
Default Re: Change your LinkedIn passwords

Right now, these hackers can

1) Find you a job
2) Get you a date
3) Play you some romantic music

They should start a Social site or something.
Nutek is online now  

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.