LinkedIn confirms that member passwords have been compromised

[JMH]

Reports started swirling this morning that more than six million users had their account passwords stolen, and now the company has confirmed the security breach with a post on its blog — though the company hasn't yet confirmed how many accounts were compromised.

Affected users will receive an email from LinkedIn with instructions on how to reset their password. This doesn't appear to be the standard password reset procedure, either — any affected user will automatically be locked out of their account, and the password reset email being sent by LinkedIn won't contain any links to the site. LinkedIn will also be sending affected members a second email from their customer service department detailing the circumstances behind the breach. We can't help but feel that all of the service's members deserve to know exactly what happened — they've entrusted their personal data to LinkedIn, regardless of whether their passwords were stolen or not.

http://www.theverge.com/2012/6/6/3068652/linkedin-member-passwords-stolen

 

[zigzag3143]

Various sources have the number up to 6 million. Guess they should stop using the "12345"s


Another source

http://www.pcmag.com/article2/0,281.../pcmag/breakingnews+(PCMag.com+Breaking+News)

 

[zigzag3143]

Another source

http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/

 

[satrow]

Various sources have the number up to 6 million. Guess they should stop using the "12345"s

The LinkedIn server admin's you mean?

Users passwords can be as complex as they like, once the database is owned, there is no secure password.

 

[zigzag3143]

I thought Admins password was password. I read that article right after the 25 worst passwords. You are of course correct

 

[zigzag3143]

LinkedIn users buried in spam after database leak

LinkedIn users are being bombarded by spam emails after the social network was hacked and hashed passwords of users dumped online.
Members of the business network told The Register that they had received scores of invitations to "link in" with new connections, often flagged with warnings from their email provider that the missive couldn't be verified as coming from LinkedIn.com.

http://www.theregister.co.uk/2012/06/07/linkedin_spam_emails_data_breach/

 

[JMH]

LinkedIn password cracker posted 8 million logins as cry for help

How much bad news does it take to get spokespeople for social networks to admit anything has a negative impact?
The same hacker (apparently) who posted 6.5 million LinkedIn logins earlier this week has followed up by posting 1.5 million passwords from EHarmony, most of which have been cracked, according to Ars Technica.

The LinkedIn logins were posted still hashed (encrypted) using the SHA-1 algorithm, but without "salt," the additional characters that make passwords more secure by making it harder for crackers to guess how many letters a password contains.

The latest batch brings the total number of swiped social-network passwords to 8 million for the week, all posted by someone with the username dwdm, who likely has far more passwords on file than were posted.

EHarmony officials have so far refused to comment.

http://www.itworld.com/security/280417/linkedin-password-cracker-posted-8-million-logins-cry-help