mersenneforum.org

LinkedIn password database was stolen and posted publically (https://www.mersenneforum.org/showthread.php?t=16881)

Brian-E 2012-06-09 19:45

[QUOTE=ewmayer;301870]I received a copy of the same message ... at 10:30pm PDT last night, nearly 36 hours after I'd already changed my password.

I repeat: Wankers.[/QUOTE]
I don't have a LinkedIn account, but I have an experience to relate from a few months ago about a Dutch internet provider, hetnet.nl (part of KPN), with which I do have an account.

This internet provider had a similar huge, embarrassing loss of a file of access passwords. Exactly what the thieves got hold of was not, and still isn't, completely clear. But just like with LinkedIn, the media knew of it days before any communication by KPN to its hetnet.nl customers took place.

On hearing the news I immediately changed my hetnet.nl password.

About a week later I received a letter in the post from KPN, the first direct communication from the provider about the security leak. The letter stated that due to the breach of security they had changed my password for me. The letter went on to give me the new password which they had apparently changed it to: [I]it was the same new password that I had selected when changing it myself a week earlier![/I]

I can only conclude that they don't even encrypt the passwords at all when storing them, let alone fail to salt the encrypted hashes like LinkedIn. That's aside from the incompetence of failing to distinguish between customers who had changed their passwords themselves and those who had been allocated new passwords!
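An added example (not part of the post above, and not KPN's or LinkedIn's code) of the storage distinction the post draws: with bare unsalted hashes, identical passwords produce identical stored values, while a per-user salt and a slow KDF remove that link, and a service storing only salt and digest has no password to quote back in a letter. The user names and passwords are constructed, and scrypt with these parameters is an assumed choice of salted hash.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor&3"}

def unsalted_sha1(password):
    """Weak scheme: a bare, unsalted fast hash of the password."""
    return hashlib.sha1(password.encode()).hexdigest()

def scrypt_record(password, salt=None):
    """Stronger scheme: per-user random salt plus a memory-hard KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return {"salt": salt, "hash": digest}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = scrypt_record(password, record["salt"])["hash"]
    return hmac.compare_digest(candidate, record["hash"])

def shared_hash_groups(table):
    """Defender's audit: groups of users whose stored values are identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit():
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: scrypt_record(p) for u, p in USERS.items()}
    return {
        "weak_duplicates": shared_hash_groups(weak),
        "strong_duplicates": shared_hash_groups(
            {u: r["hash"] for u, r in strong.items()}),
        "login_ok": verify("correct horse", strong["alice"]),
        "login_bad": verify("wrong guess", strong["alice"]),
        # The stored record holds only salt and digest, never the password.
        "stored_fields": sorted(strong["alice"].keys()),
    }

if __name__ == "__main__":
    for key, value in audit().items():
        print(key, "=", value)
```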

LaurV 2012-06-10 09:46

[QUOTE=Brian-E;301873]The letter went on to give me the new password which they had apparently changed it to: [I]it was the same new password that I had selected when changing it myself a week earlier![/I][/QUOTE]
Coooooollllll! Cool cool cool cool cool!
That is brilliant. I can't stop laughing. My wife said I have gone nuts.
Did you still keep the account with them after this?

Brian-E 2012-06-10 10:16

[QUOTE=LaurV;301920]Coooooollllll! Cool cool cool cool cool!
That is brilliant. I can't stop laughing. My wife said I have gone nuts.
Did you still keep the account with them after this?[/QUOTE]
Yes. I should really dump them, I know. I actually use a different internet provider these days and my account with hetnet.nl has been dormant for years. I changed because of other unimpressive issues with hetnet.nl. But when I originally tried to cancel the account with them I was informed that my telephone land-line was contractually tied to the hetnet.nl account and I couldn't stop the hetnet.nl account without losing the landline. I don't think that is correct, but I've no stomach for a legal fight considering that the hetnet.nl account costs only Euro 2.50 per month.
I know, I shouldn't be so meek about it. But that's the way I am. :unsure:

Kosmaj 2012-06-11 07:40

And the story goes on! :smile:
Just got this from Last.fm:

[QUOTE]We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we're asking all our users to change their passwords immediately.
Please log in to Last.fm and change your password on your settings page. [/QUOTE]

It seems the leak happened on June 7, but I just got the message, an hour ago (on June 11)!

only_human 2012-06-11 22:09

Events: Jun 14, 2012 - LinkedIn Corporation Annual Shareholder Meeting - 12:00PM EDT

Batalov 2016-10-19 19:59

Police arrest Russian tied to 2012 LinkedIn hack
 
[QUOTE=Batalov;301457]Please be aware that it is being reported that the LinkedIn password database was stolen and posted publically early this morning.

If you use LinkedIn, your password needs to be considered compromised, as well as any other site you use this password for. It’s critical for you that these passwords be changed as soon as possible.

The standard progression of this type of attack is:
1. Hackers post password hashes publically. (Done)
2. Criminal groups work together to rapidly crack and recover passwords. How complex your password was will determine how much time you have to change it. (In progress now)
3. Cracked accounts are then used to automatically attempt logins to more critical sites (PayPal, Amazon, banks, email services) for further financial theft, identity theft, and/or privacy compromise.
___________________________________________

(Came from our IT. I haven't verified this. See [URL="http://www.pcworld.com/article/257045/65m_linkedin_passwords_posted_online_after_apparent_hack.html"]PC World[/URL] and other sources.)[/QUOTE]

They were not sitting on their thumbs for these four years, after all.
[URL="http://www.reuters.com/article/us-czech-usa-russia-cybercrime-idUSKCN12J0MV"]Czech police arrest Russian tied to 2012 LinkedIn hack[/URL]

Good!


All times are UTC.