LinkedIn password hack- what to do next

Discussion in 'Newbies' started by Gargoyle, Jun 13, 2012.

  1. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,014
    Likes Received:
    96,541
    Status Points:
    20,020
    Last week LinkedIn and some other sites were hacked, millions of logins and passwords stolen. The bandits don't care about your LinkedIn resume or photos- they want to test your login and pw on other sites.

    Take this as a reminder, make sure you have a strong password (with upper case, lower case, numbers, maybe other characters) and don't use the same password on multiple sites. If you use the same password on LinkedIn that you use on your bank or credit card site or mileage account, you can get really burned.
     
    wrxmom, doc, SC Flier and 4 others like this.
  2. uggboy
    Original Member

    uggboy Gold Member

    Messages:
    50,172
    Likes Received:
    133,426
    Status Points:
    20,020
    I don't have an LikedIn account!:)
     
  3. uggboy
    Original Member

    uggboy Gold Member

    Messages:
    50,172
    Likes Received:
    133,426
    Status Points:
    20,020
    I'm not on Facebook either!:)
     
    jetsetboy, hpc, jrp2 and 1 other person like this.
  4. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,014
    Likes Received:
    96,541
    Status Points:
    20,020
    Then I have to doubt that you really exist. :p
    ----------------
    Seriously, if you use the same login/password on multiple sites you put yourself at risk. For example, if you have a hotmail account, a login at a couple stores, and at a forum like this one or a blog, and any one of those gets compromised, they all could be broken into. Lots of stores store credit card info and have weak security.
     
    SC Flier, hpc, legalalien and 3 others like this.
  5. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,198
    Status Points:
    16,520
    My LinkedIn password was a unique password among my hundreds. Nevertheless I changed it immediately.

    The advice to not share passwords across sites, especially important ones, is very good.
     
  6. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,198
    Status Points:
    16,520
    That's because you're not liked by anyone? ;)
     
    uggboy and hpc like this.
  7. hpc

    hpc Silver Member

    Messages:
    201
    Likes Received:
    709
    Status Points:
    535
    Here's my advice to the LinkedIn password leak:

    Go to: http://leakedin.org
    I have read the source code on this website (I'm working with web application development), and it is true that this site does not transfer your password away from your computer. The password is encrypted inside your own browser (Internet Explorer, Firefox, Apple Safari etc.). The only outgoing data from your computer is a one-way encrypted value of your password. This 32 character encrypted string is matched up against the list of leaked LinkedIn passwords. The list is also encrypted using a one-way method.

    This service returns one of three results:

    1. Your password has not been leaked (as far as this site knows)
    2. Your password has been leaked, but is not decrypted yet (the hackers only stole the encrypted passwords)
    3. Your password has been leaked AND decrypted. Your plain text password is now in the hackers' hands :(

    No matter what result the service returns, I'd suggest you change your password immediately.

    Of course the best solution is to have unique passwords for every login we have, but honestly - can we remember 20-100 unique passwords with numbers, lower- and uppercase letters, 8 or more characters - and no words, names etc.?

    Good passwords look like this:

    rK6dNR3j

    They can of course be hard to remember, and writing them down in our cellphone is not a good idea.

    I learned from a security expert that IT users should group their passwords into security levels/importance. He said that typically 5 groups is enough:

    1. Bank(s), credit cards etc.
    2. Mail accounts
    3. LinkedIn, Facebook etc.
    4. Trusted websites (www.milepoint.com, cnn and others)
    5. All other NOT well known sites/communities

    He also suggested a way to create and remember a good password is to come up with a sentence - e.g.:

    I can eat 3 whoppers in 2 hours

    Then only use the first letter in each word:

    Ice3Wi2h

    My dogs name is Gucci - he is 5 years old = MdniGhi5yo

    Use your imagination and increase your level of security :)

    Have fun, and good luck - and remember to change your password everywhere you used your LinkedIn password!
     
    mht_flyer, wombat18, tommy777 and 3 others like this.
  8. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,014
    Likes Received:
    96,541
    Status Points:
    20,020
    Good info in your post.

    I know it's hard to track different passwords, but there are good tools out there that you can use. One that I've used for years is keepass; it's a free, open source app from http://www.keepass.info/ and is highly secure. You can organize things into folders, like one for credit card info, one for e-mail accounts, one for banks, so it's easy to find things. It is small and portable- I can copy a tiny highly encrypted file from my desktop to my laptop, and there are even versions for most smart phones, and it just takes seconds to make backup copies.
     
    uggboy and hpc like this.
  9. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,198
    Status Points:
    16,520
    My recommendation would be to change the password first.

    While maybe unlikely (though I don't know the authors of that website, presumably they have a reputation at risk), there's no guarantee that the version of the page/code that you reviewed is the same that's being served up when I access the site a day or a week later.

    By the way, to the best of my knowledge I have not received any communication from LinkedIn on this breach (I receive plenty of other email spam from them). Has anyone else? Have they figured out how the list of passwords was leaked in the first place?
     
    kansaskeith, uggboy and Gargoyle like this.
  10. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,014
    Likes Received:
    96,541
    Status Points:
    20,020
    I know one person who did. I think (but I could be mistaken) that they were able to figure out which list/portion of their database was accessed and they only contacted those people.
     
    uggboy likes this.
  11. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,198
    Status Points:
    16,520
    An interesting article (a bit technical, but not too bad) about where LinkedIn went wrong. Basically their password encryption was from the 1970s.

    http://queue.acm.org/detail.cfm?id=2254400

    Really makes you wonder (or should!) who else is using crappy security.
     
    uggboy, mht_flyer and Gargoyle like this.
  12. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,014
    Likes Received:
    96,541
    Status Points:
    20,020
    I guess they figured that, since not a single website was hacked during the 1970's, that method was extremely secure.
     
  13. kansaskeith

    kansaskeith Gold Member

    Messages:
    2,486
    Likes Received:
    5,786
    Status Points:
    4,070
    I agree. I changed my password last week, then went to the site discussed here, and entered my old password only (without also having to give my LinkedIn ID). I got the best of the three possible messages - that the old password did not appear to have been leaked at all. Which surprised me a little because the old password, while both alpha and numeric, was hardly that complicated, and I figure that others among LinkedIn's millions may have had the same one. None of us, according to this site, had it leaked.
     
    uggboy likes this.
  14. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,198
    Status Points:
    16,520
    In which case they screwed up again! I changed my (non-dictionary-based and limited to LinkedIn) password right after the news broke last week, hardening it further. So no great risk trying out that leakedin.org site, I suppose. And it claims my old password was in fact cracked.
     
    uggboy and Gargoyle like this.
  15. hpc

    hpc Silver Member

    Messages:
    201
    Likes Received:
    709
    Status Points:
    535
    Nope, I didn't get any warning from LinkedIn and leakedin.org says my (old) password WAS leaked... Quite worrying that they haven't sent out a message :-(
     
  16. dAAlasFF

    dAAlasFF Active Member

    Messages:
    17
    Likes Received:
    13
    Status Points:
    55
    I went in and changed it to one of my strong passwords.
     
    uggboy, Gargoyle and hpc like this.
  17. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,198
    Status Points:
    16,520
    It'd be better to change it to a new strong password that isn't shared with any other site. Given the fools that they have proven themselves to be at LinkedIn, how do you know that they aren't logging the passwords in clear text in some server log for "debugging purposes"?
     
    uggboy, Gargoyle and hpc like this.
  18. tommy777
    Original Member

    tommy777 Co-founder

    Messages:
    2,674
    Likes Received:
    6,596
    Status Points:
    4,570

    Helpful post, thanks. But who names their dog Gucci??
     
  19. wombat18
    Original Member

    wombat18 Silver Member

    Messages:
    326
    Likes Received:
    429
    Status Points:
    520
    Luigi?:)
     
    uggboy, Gargoyle and hpc like this.
  20. kw335
    Original Member

    kw335 Silver Member

    Messages:
    737
    Likes Received:
    1,706
    Status Points:
    975
    I didn't have a LinkedIn account, until I discovered that my "profile" existed on LinkedIn. I still haven't been able to solve the mystery as to why I'm on it if I didn't volunteer the info myself.

    The interesting part is, that the job description doesn't really match my real job. It listed that I work in New York City, whereas I actually worked in Connecticut. They got the job title right though.

    Strange ...
     
    uggboy likes this.
  21. uggboy
    Original Member

    uggboy Gold Member

    Messages:
    50,172
    Likes Received:
    133,426
    Status Points:
    20,020
    This sounds very strange indeed, when you "in person" have never opened an account you shouldn't be there @ LinkedIn. That's what I would assume, or someone else has opened an account in your name?
     
    kw335 likes this.
  22. kw335
    Original Member

    kw335 Silver Member

    Messages:
    737
    Likes Received:
    1,706
    Status Points:
    975
    I've never figured that out. Though I'm certain that the said profile is "mine", because all of the educational and work experiences were mostly correct.
     
    uggboy likes this.
  23. uggboy
    Original Member

    uggboy Gold Member

    Messages:
    50,172
    Likes Received:
    133,426
    Status Points:
    20,020
    When you haven't filled in your "profile" or opened an account @ LinkedIn, someone who knows you must have, otherwise this would be a big mystery.
     
  24. kw335
    Original Member

    kw335 Silver Member

    Messages:
    737
    Likes Received:
    1,706
    Status Points:
    975
    It will remain a mystery I guess :confused:
     
