Nairaland Forum

Welcome, Guest: Join Nairaland / Login / Trending / Recent / New
Stats: 1208408 members, 1560627 topics. Date: Wednesday, 23 July 2014 at 01:00 AM

6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords (2599 Views)

Seun Should Change Nairaland.com To .com.ng / 55000 Twitter Accounts Hacked And Passwords Exposed On Pastebin / 25 Worst Passwords Of 2011 [study] (1) (2) (3) (4)

(0) (1) (Reply) (Go Down)

6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Onos55: 10:56pm On Jun 06, 2012
Source: http://www.canadianbusiness.com/article/86724--some-linkedin-passwords-stolen-leaked-online-users-should-change-passwords

LONDON - Business social network LinkedIn said Wednesday that some of its users' passwords have been stolen and leaked onto the Internet.

LinkedIn Corp. did not say how many of the more than six million passwords that were distributed online corresponded to LinkedIn accounts. In a blog post Wednesday, the company said it was continuing to investigate.

Graham Cluley, a consultant with U.K. Web security company Sophos, recommended that LinkedIn users change their passwords immediately.

LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.

There's added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.

Before confirming the breach, LinkedIn issued security tips as a precautionary measure. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.

LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.

Cluley said hackers are working together to break the encryption on the passwords.

"All that's been released so far is a list of passwords and we don't know if the people who released that list also have the related email addresses," he said. "But we have to assume they do. And with that combination, they can begin to commit crimes."

It wasn't known who was behind such an attack.

LinkedIn's blog post had few details about what happened. It said compromised passwords have been deactivated, and members with affected accounts will be sent emails with further instructions.

While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.

"If a website has been breached, it doesn't matter what encryption they're using because the attacker at that point controls a lot of the authentication," said Carey, who works at security-risk assessment firm Rapid7. "It's 'game over' once the site is compromised."

Cluley warned that LinkedIn users should be careful about malicious email generated around the incident. The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of getting to the real LinkedIn site to change a password, it would go to a scammer, who can then collect the information and use it for criminal activities.

LinkedIn said its emails will not include any links.

Shares of LinkedIn, which is based in Mountain View, California, gained 8 cents to close Wednesday at $93.08.


Source: http://www.canadianbusiness.com/article/86724--some-linkedin-passwords-stolen-leaked-online-users-should-change-passwords
-------------------------------------------------------------

Also see this from security firm Sophos:

Source:
http://nakedsecurity.sophos.com/2012/06/06/millions-of-linkedin-passwords-reportedly-leaked-take-action-now/

Although not yet confirmed by the business-networking website, it is being widely speculated that over six million passwords belonging to LinkedIn users have been compromised.

A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them.

Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals.

Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.

As such, it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step. Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack.

If you were using the same passwords on other websites - make sure to change them too. And never again use the same password on multiple websites.

How to change your LinkedIn password
1. Log into LinkedIn.
2. You should see your name in the top right hand corner of the webpage. Click on it, and you will open a drop-down menu. Choose "Settings".

3. Choose the option to change your password.

4. After entering your old password, you will have to enter your new (hopefully unique and hard-to-crack password) twice.

Don't delay. Do it now. And if there are any more updates from LinkedIn we will let you know.

Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 7:35am On Jun 07, 2012
w0000t!!! Linkedin got pawned! shocked shocked
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 9:41am On Jun 07, 2012
Check the status of your LinkedIn password on the webpage link below. The site checks your hashed password against the leaked passwords hashes and informs you if it had been compromised. If it has, change your password immediately

http://leakedin.org/

The site is secure. It was made by a respected programmer to help novices with password phobias check their password safety. If you're paranoid, just change your password without checking.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by frosbel(m): 9:42am On Jun 07, 2012
I changed mine yesterday when the news came out.

However you are also advised to change your password ,if it is the same for your email and social media accounts , immediately !!!
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by frosbel(m): 9:44am On Jun 07, 2012
The Arbiter: Check the status of your LinkedIn password on the webpage link below. The site checks your hashed password against the leaked passwords hashes and informs you if it had been compromised. If it has, change your password immediately

http://leakedin.org/

The site is secure. It was made by a respected programmer to help novices with password phobias check their password safety. If you're paranoid, just change your password without checking.





Guys do not do it !!!! Ignore this guys advice


Ignore the above. Do not be conned

Just go on and change your passwords by yourself !!!
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 9:54am On Jun 07, 2012
Out of sheer curiosity, I tried this http://leakedin.org . .Although, I knew it was quite a silly move considering the fact that the owner of the site could actually be storing users pwds. .but then I have nothing to lose as I don't re-use my passwords smiley. .
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Lilspicer(m): 10:07am On Jun 07, 2012
Handworks of (Anonymous and lulz) WE DONT FORGIVE OR FORGET EXPECT US......WE ARE 99%
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 10:08am On Jun 07, 2012
By all means please change your passwords. But recall i said hashed passwords. Its really simple to hash your password and pop it in to check. I dont give advice without due diligence and i check and double check my facts to verify correctness and authenticity. I take web security seriously.

By the ways every1, secure passwords should look like this as#1vb@63ut=&sg% in any combination of letters, numbers and special characters of your choice and should be at least 15 characters in length.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by frosbel(m): 10:21am On Jun 07, 2012
The Arbiter: By all means please change your passwords. But recall i said hashed passwords. Its really simple to hash your password and pop it in to check. I dont give advice without due diligence and i check and double check my facts to verify correctness and authenticity. I take web security seriously.

By the ways every1, secure passwords should look like this as#1vb@63ut=&sg% in any combination of letters, numbers and special characters of your choice and should be at least 15 characters in length.

But why should they, when it is as simple as loggin on to your social media site and changing the password yourself.

Why are you so keen to make them verify their passwords on your link , I work as a senior IT professional and this is just not on !!!
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Lins01(m): 10:24am On Jun 07, 2012
The Arbiter: Check the status of your LinkedIn password on the webpage link below. The site checks your hashed password against the leaked passwords hashes and informs you if it had been compromised. If it has, change your password immediately

http://leakedin.org/

The site is secure. It was made by a respected programmer to help novices with password phobias check their password safety. If you're paranoid, just change your password without checking.


IGNORE THIS GUY, HE IS A HACKER AND HE WANT HACK YOUR INFORMATION AS WELL...
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by denzel2009: 10:42am On Jun 07, 2012
Slyr0x: Out of sheer curiosity, I tried this http://leakedin.org . .Although, I knew it was quite a silly move considering the fact that the owner of the site could actually be storing users pwds. .but then I have nothing to lose as I don't re-use my passwords smiley. .

Slyrox, are they storing password in clear texts? LinkedIn
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by mrperfect(m): 10:59am On Jun 07, 2012
This is sad.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 11:00am On Jun 07, 2012
First misconception; its not my website.

Second misconception; passwords are stored as hashed or encrypted data (depending on the encryption method) and is the method of storing passwords on every internet site database (including Nairaland).

Third misconception; hashing and checking the hash ID doesnt compromise your password.

Fourth misconception; I am not keen to to make people verify passwords on the site so they can be hacked (Did any1 note that usernames are not required).

Lastly Trust is a difficult thing on the net. Unfortunately, the guy who mashed up the checking site has a respected internet reputation and can be reached here.

Could every1 kindly disregard my first post above and just change your passwords (Frosbel's sensible advice).

@frosbel I dont doubt your credentials and i think mine are are bit impeccable too. However using my knowledge to harm is unthinkable. It negates my principles. You could go through my post history and verify. Given the rampant cases of scammers and hackers, your advice makes for peace of mind and should supersede mine.

frosbel: c
But why should they, when it is as simple as loggin on to your social media site and changing the password yourself.

Why are you so keen to make them verify their passwords on your link , I work as a senior IT professional and this is just not on !!!
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 11:05am On Jun 07, 2012
The password hashes were unsalted SHA-1 hashes. SHA-1 was proven weak back in 2005, and unsalted hashes are especially weak.


denzel2009:

Slyrox, are they storing password in clear texts? LinkedIn
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Piyke: 11:05am On Jun 07, 2012
The Arbiter: Check the status of your LinkedIn password on the webpage link below. The site checks your hashed password against the leaked passwords hashes and informs you if it had been compromised. If it has, change your password immediately

http://leakedin.org/

The site is secure. It was made by a respected programmer to help novices with password phobias check their password safety. If you're paranoid, just change your password without checking.


This is a phishing site. Be warned
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 11:11am On Jun 07, 2012
denzel2009:

Slyrox, are they storing password in clear texts? LinkedIn

Nah. .The passwords are stored as unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but is not foolproof. Even so, unless your password is a dictionary word (i.e. password,qwerty,etc), or very simple, it will take some time to crack.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 11:13am On Jun 07, 2012
Piyke:

This is a phishing site. Be warned


And your proof is?

I think its best we don't say/type what we don't know!
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by WhoIGoAsk: 11:20am On Jun 07, 2012
Hackers No be small thing. Next na fb, huh?
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 11:42am On Jun 07, 2012
LinkedIn said on Wednesday that some passwords on a list of allegedly stolen hashed passwords belong to its members, but did not say how its site was compromised.

"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," Vicente Silveira, a director at the social-networking site for professionals, wrote in a blog post. It is unknown how many passwords have been verified by LinkedIn.

LinkedIn has disabled the passwords on those accounts, it said. Account holders will receive an email from LinkedIn with instructions for resetting their passwords. The emails will not include any links. Phishing attacks often rely on links in emails that lead to fake sites designed to trick people into providing information, so the company says it will not send links in emails.

http://www.zdnet.co.uk/news/security-threats/2012/06/07/linkedin-confirms-password-leak-40155341/?s_cid=938
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 12:08pm On Jun 07, 2012
Now for a little web reality shake-up. How long would it take to compromise a password. Why not do a dummy run in the webpage link below and be educated on how secure passwords should be like.

http://howsecureismypassword.net/

Now please dont go and enter your real passwords here, i said dummy runs. Just check an equivalent to see how secure your password choice may be.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 12:24pm On Jun 07, 2012
It would take a desktop PC About 97 billion years to crack my password grin grin

Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by denzel2009: 12:26pm On Jun 07, 2012
The Arbiter:
The password hashes were unsalted SHA-1 hashes. SHA-1 was proven weak back in 2005, and unsalted hashes are especially weak.

Slyr0x:

Nah. .The passwords are stored as unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but is not foolproof. Even so, unless your password is a dictionary word (i.e. password,qwerty,etc), or very simple, it will take some time to crack.

Thanks.

These hackers are useless. They should do facebook and amazon na.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by TheArbiter: 12:27pm On Jun 07, 2012
Wow Slyr0x. You're definitely no pushover.

I recommended the site to a few of my friends after their email accounts were hacked. It enabled them to see the folly of their password habits.

I hope other people will give it a try and be more educated about passwords.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by denzel2009: 12:36pm On Jun 07, 2012
Slyr0x: It would take a desktop PC About 97 billion years to crack my password grin grin


Ok I wouldn't bother cracking your password, I would just hijack your session wink
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Piyke: 1:00pm On Jun 07, 2012
Slyr0x: It would take a desktop PC About 97 billion years to crack my password grin grin


You know if its actually ur real password you put there, itd now compromised as the administrator or whoever can collect what u typed in
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 1:11pm On Jun 07, 2012
denzel2009:

Ok I wouldn't bother cracking your password, I would just hijack your session wink

Lmaooo. .go ahead o0. .As long as it doesn't affect the amount in my account wink grin


The Arbiter: Wow Slyr0x. You're definitely no pushover.

I recommended the site to a few of my friends after their email accounts were hacked. It enabled them to see the folly of their password habits.

I hope other people will give it a try and be more educated about passwords.

Most of my passwords follow this trend esp. for emails > Myn@meisslyrox@ndmyuniquenumberis7 (My name is slyrox & my unique number is 7). .
Then for cPanels and stuffs like that > TXluQG1laXNzbHlyb3hAbmRteXVuaXF1ZW51bWJlcmlzNw== (I use this site to base64 encode my pwds. .

The Irony there is the passwords eventually get too complicated especially if it's not an account I use frequently and also 'cos I don't reuse my passwords. For accounts like these, I often resort to using the "Forgot My Password" feature.
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 1:20pm On Jun 07, 2012
Piyke:

You know if its actually ur real password you put there, it now compromised as the administrator or whoever can collect what u typed in

Compromised?? Hell No!

It's like giving someone a key without actually mentioning who owns the key or what the key opens. smiley
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by cecegorz(m): 1:28pm On Jun 07, 2012
The Arbiter: By all means please change your passwords. But recall i said hashed passwords. Its really simple to hash your password and pop it in to check. I dont give advice without due diligence and i check and double check my facts to verify correctness and authenticity. I take web security seriously.

By the ways every1, secure passwords should look like this as#1vb@63ut=&sg% in any combination of letters, numbers and special characters of your choice and should be at least 15 characters in length.

Dude, It's a criminal offense for you to lead people to verify a third party password/PIN on your site, for whatever reason
You want to do some time in jail or what?
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by denzel2009: 1:39pm On Jun 07, 2012
Slyr0x:

Lmaooo. .go ahead o0. .As long as it doesn't affect the amount in my account wink grin




Most of my passwords follow this trend esp. for emails > Myn@meisslyrox@ndmyuniquenumberis7 (My name is slyrox & my unique number is 7). .
Then for cPanels and stuffs like that > TXluQG1laXNzbHlyb3hAbmRteXVuaXF1ZW51bWJlcmlzNw== (I use this site to base64 encode my pwds. .

The Irony there is the passwords eventually get too complicated especially if it's not an account I use frequently and also 'cos I don't reuse my passwords. For accounts like these, I often resort to using the "Forgot My Password" feature.

I'm of the opinion that passwords shouldn't be more than 8 characters. Just anything to avoid being written down as it invalidates the reason for having a password.

You be security expert now, don't teach people bad things tongue
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by Slyr0x(m): 1:46pm On Jun 07, 2012
denzel2009:

I'm of the opinion that passwords shouldn't be more than 8 characters. Just anything to avoid being written down as it invalidates the reason for having a password.

You be security expert now, don't teach people bad things tongue


lool. . .but then there are some things you don't have to write down. .

Look at this

My name is denzel and I am 32 yrs old. .

Making it a password, it becomes MyNameIsDenzelAndIam32yrsOld. .Simple. .

But then you could just introduce some characters like replacing all a's with @ i.e.

MyN@meIsDenzel@ndI@m32yrsOld. .

http://howsecureismypassword.net/ says it would take a desktop PC About 8 undecillion years to crack your password. .


You now have a secure and easy to remember password smiley. .
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by denzel2009: 1:57pm On Jun 07, 2012
Slyr0x:

lool. . .but then there are some things you don't have to write down. .

Look at this

My name is denzel and I am 32 yrs old. .

Making it a password, it becomes MyNameIsDenzelAndIam32yrsOld. .Simple. .

But then you could just introduce some characters like replacing all a's with @ i.e.

MyN@meIsDenzel@ndI@m32yrsOld. .

http://howsecureismypassword.net/ says it would take a desktop PC About 8 undecillion years to crack your password. .


You now have a secure and easy to remember password smiley. .




I understand you bro.

but my online bank account will now tell me to enter the 10th,18th and 22nd character of my password and I have to write it on piece of paper and count in order not screw my access. you get me?
Re: 6.5 Million Linkedin Passwords Stolen - Users Should Change Passwords by webdezzi(m): 2:41pm On Jun 07, 2012
Check the status of your LinkedIn password on the webpage link below. The site checks your hashed password against the leaked passwords hashes and informs you if it had been compromised. If it has, change your password immediately

http://leakedin.org/

The site is secure. It was made by a respected programmer to help novices with password phobias check their password safety. If you're paranoid, just change your password without checking.


guys, dont use that link.

by providing your password, they can look up ur username using the resulting hash value.
This is meant to give them access to your linked in account.

(0) (1) (Reply)

How Do I Start A Classified Ads Website In Nigeria / I Need Help With Macromedia Flash Website / Getting The First Character Of Array Values, Php ?

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (0) (1) (2) (3) (4) (5) (6) (7) (8) (9)

Nairaland - Copyright © 2005 - 2014 Oluwaseun Osewa. All rights reserved. See Nairalist and How To Advertise. 152
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.