The ramifications of the LinkedIn password leak
Posted on 07 June 2012.
LinkedIn has finally confirmed that some of the passwords that were leaked yesterday correspond to LinkedIn accounts, and has issued a list of steps that they are taking in order to ensure that that the leak doesn't result in hijacked accounts:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

2.These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.

3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

And not a moment too soon, as phishing "email confirmation" emails with embedded links supposedly coming from the social network are already hitting inboxes and could be easily mistaken for a legitimate communication:


Lastly, as web designer Chris Shiflett points out, one of many implications of this leak is that there is now a list of hundreds of thousands of cracked passwords out there.

"You can be sure that these will be used to seed rainbow tables and will be an obvious choice for seeding a dictionary used to try to crack passwords the next time a leak happens. Even if the next leak is a bunch of salted hashes using a better algorithm, these cracked passwords will never be safe again," he warns.






Spotlight

Lessons learned developing Lynis, an open source security auditing tool

Posted on 15 October 2014.  |  Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //