
Why You Need To Be Concerned About Password Leaks!

June 11, 2012

We all saw the shocking headlines: Millions of LinkedIn passwords reportedly leaked online.

Three companies have since warned that their customers’ passwords appear to be floating around on the Internet, including on a Russian forum where hackers boasted about cracking them. More companies might do the same.

Last week a file containing what looked like 6.5 million passwords and another with 1.5 million passwords were discovered on a Russian hacker forum that offers password-cracking tools. Someone had posted the original list and asked others to help crack the passwords. The passwords were not in plain text, but were obscured with a technique called “hashing”. Strings in the passwords included references to LinkedIn and eHarmony, so security experts suspected that they were from those sites even before the companies confirmed that their users’ passwords had been leaked. Last.fm has since also announced that passwords used on its site were among those leaked.

Do You Know If Your Own Password Has Been Compromised?

LastPass, a password manager provider, has created a site where people can check if their password for LinkedIn or eHarmony was among those posted to a hacker forum. You will be asked to enter your LinkedIn password and then press “TEST MY PASSWORD”. If the test comes back positive, the message will say:

Your password was one of the ones that was compromised. We strongly recommend that you follow our recommendations above and immediately change your LinkedIn and related passwords!!
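
How a check like this can work by comparing hashes rather than plain-text passwords, as an added example that is not LastPass's code or part of the original post. It assumes the leaked file holds unsalted SHA-1 digests, some with the first five hex digits zeroed (details this post does not state); all names and sample entries are constructed.

```python
import hashlib

HEX = set("0123456789abcdef")

def sha1_hex(password: str) -> str:
    """Hash the candidate locally; only the digest is ever compared."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_leak(lines):
    """Parse leak-file lines into a set of 40-char hex digests, skipping junk."""
    digests = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            digests.add(h)
    return digests

def check_password(password, leaked):
    """Return 'exact', 'masked' or None for a candidate password.

    'masked' covers entries whose first five hex digits were zeroed
    (assumed format), so the remaining 35 digits must still match.
    """
    digest = sha1_hex(password)
    if digest in leaked:
        return "exact"
    if "00000" + digest[5:] in leaked:
        return "masked"
    return None

# Constructed sample "leak": one full digest, one masked digest, one junk line.
SAMPLE_LEAK = [
    sha1_hex("LinkedIn1234") + "\n",
    "00000" + sha1_hex("linkedin2012")[5:] + "\n",
    "not-a-hash\n",
]
LEAKED = load_leak(SAMPLE_LEAK)

if __name__ == "__main__":
    for candidate in ("LinkedIn1234", "linkedin2012", "t7#Qw!zP0e-long-unique"):
        result = check_password(candidate, LEAKED)
        print(candidate, "->", result or "not in list")
```

A "not in list" result only means the digest is absent from that particular file; a password reused on other sites should still be changed.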

Why You Need To Be Concerned

Hackers may have already used the compromised passwords to access at least some of the accounts. Once in, a hacker could pose as the account holder and send messages to others on the site, as well as find out e-mail and other contact information if you provided it in your LinkedIn profile, along with names of your contacts and contents of messages sent between you and others that might contain sensitive information. Hackers also know that many people use the same password on multiple sites. If hackers have your password, they can easily check other sites, for example your bank site.

What You Need To Do

LinkedIn and eHarmony said they have disabled the passwords on affected accounts and will follow up with an e-mail that includes instructions for resetting the passwords. Last.fm also urged all of its users to log into the site and change their passwords on the settings page.

To change your LinkedIn password, log onto your account. Click on your name in the upper right corner and then click on the link for Settings. In the Settings section, click on the Change link next to Password. You will be prompted to enter your old password and then create a new one. Pick a minimum of 6 characters and use a mix of lower- and upper-case letters, numbers and symbols. Then click on the Change Password button.

Better safe than sorry!

If you don’t have a security system or don’t have it monitored, call me for a free, no-obligation consultation. You will be glad you did!

Ulli Robson, Security Specialist, (780) 288-2986.

www.SafewithUlli.com


2 Comments
  1. Thanks for posting this Ulli. My Twitter account has been compromised twice in the last week. Not sure if it has anything to do with the application links to LinkedIn?… I’ll change my pw, as you say, to be safe not sorry.
    Clint Moar

    • Thanks for your comment, Clint. Make sure not to use the same password for all your accounts. If someone finds out you are using LinkedIn1234 for your LinkedIn account, it won’t be difficult to guess you are using Twitter1234, Facebook1234, you get the drift. Regards, Ulli.
