mersenneforum.org  

2012-06-09, 19:45   #23
Brian-E

Quote:
Originally Posted by ewmayer
I received a copy of the same message ... at 10:30pm PDT last night, nearly 36 hours after I'd already changed my password.

I repeat: Wankers.

I don't have a LinkedIn account, but I have an experience to relate from a few months ago about a Dutch internet provider, hetnet.nl (part of KPN), with which I do have an account.

This internet provider had a similar huge, embarrassing loss of a file of access passwords. Exactly what the thieves got hold of was not, and still isn't, completely clear. But just like with LinkedIn, the media knew of it days before any communication by KPN to its hetnet.nl customers took place.

On hearing the news I immediately changed my hetnet.nl password.

About a week later I received a letter in the post from KPN, the first direct communication from the provider about the security leak. The letter stated that due to the breach of security they had changed my password for me. The letter went on to give me the new password which they had apparently changed it to: it was the same new password that I had selected when changing it myself a week earlier!

I can only conclude that they don't even encrypt the passwords at all when storing them, let alone fail to salt the encrypted hashes like LinkedIn. That aside from the incompetence of failing to distinguish between customers who had changed their passwords themselves and those who had been allocated new passwords!
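Added example (not part of any post in this thread, and not KPN's or LinkedIn's code): the three storage schemes contrasted in the post above, plaintext, an unsalted hash, and a salted slow hash, with an audit check showing what each stored table gives away. The account names, passwords, record format and the choice of SHA-1 and scrypt are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts: two users happen to pick the same password.
USERS = {"alice": "tulip-2012", "bob": "tulip-2012", "carol": "windmill!7"}

def plaintext(password):
    # Stored as typed: whoever reads the table can print it in a letter.
    return password

def unsalted_sha1(password):
    # One-way, but identical passwords always give identical digests.
    return hashlib.sha1(password.encode()).hexdigest()

def salted_scrypt(password, salt=None):
    # Per-user random salt plus a deliberately slow key derivation.
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt.hex() + "$" + key.hex()

def verify_scrypt(password, record):
    # Login check: re-derive with the stored salt, compare in constant time.
    salt_hex, _ = record.split("$")
    return hmac.compare_digest(salted_scrypt(password, bytes.fromhex(salt_hex)), record)

def build_table(scheme):
    return {user: scheme(pw) for user, pw in USERS.items()}

def users_sharing_a_record(table):
    # Audit check: a stored value shared by several users shows the scheme
    # has no per-user salt, so one recovered password unlocks all of them.
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def recoverable_from_store(table):
    # True when the stored value is the password itself (plaintext storage).
    return all(table[user] == pw for user, pw in USERS.items())

if __name__ == "__main__":
    for scheme in (plaintext, unsalted_sha1, salted_scrypt):
        table = build_table(scheme)
        print(scheme.__name__, users_sharing_a_record(table), recoverable_from_store(table))
```

Only the salted table passes both checks: no two users share a record, and the service can verify a login without being able to read the password back.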
2012-06-10, 09:46   #24
LaurV

Quote:
Originally Posted by Brian-E
The letter went on to give me the new password which they had apparently changed it to: it was the same new password that I had selected when changing it myself a week earlier!

Coooooollllll! Cool cool cool cool cool!
That is brilliant. I can't stop laughing. My wife said I am gone nuts.
Did you still keep the account with them after this?
2012-06-10, 10:16   #25
Brian-E

Quote:
Originally Posted by LaurV
Coooooollllll! Cool cool cool cool cool!
That is brilliant. I can't stop laughing. My wife said I am gone nuts.
Did you still keep the account with them after this?

Yes. I should really dump them, I know. I actually use a different internet provider these days and my account with hetnet.nl has been dormant for years. I changed because of other unimpressive issues with hetnet.nl. But when I originally tried to cancel the account with them I was informed that my telephone land-line was contractually tied to the hetnet.nl account and I couldn't stop the hetnet.nl account without losing the landline. I don't think that is correct, but I've no stomach for a legal fight considering that the hetnet.nl account costs only Euro 2.50 per month.
I know, I shouldn't be so meek about it. But that's the way I am.
2012-06-11, 07:40   #26
Kosmaj

And the story goes on!
Just got this from Last.fm:

Quote:
We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we're asking all our users to change their passwords immediately.
Please log in to Last.fm and change your password on your settings page.

It seems the leak happened on June 7, but I just got the message, an hour ago (on June 11)!

Last fiddled with by Kosmaj on 2012-06-11 at 07:48 Reason: new info
2012-06-11, 22:09   #27
only_human

Events: Jun 14, 2012 - LinkedIn Corporation Annual Shareholder Meeting - 12:00PM EDT
2016-10-19, 19:59   #28
Batalov
Police arrest Russian tied to 2012 LinkedIn hack

Quote:
Originally Posted by Batalov
Please be aware that it is being reported that the LinkedIn password database was stolen and posted publicly early this morning.

If you use LinkedIn, your password needs to be considered compromised, as well as any other site you use this password for. It’s critical for you that these passwords be changed as soon as possible.

The standard progression of this type of attack is:
1. Hackers post password hashes publicly. (Done)
2. Criminal groups work together to rapidly crack and recover passwords. How complex your password was will determine how much time you have to change it. (In progress now)
3. Cracked accounts are then used to automatically attempt logins to more critical sites (PayPal, Amazon, banks, email services) for further financial theft, identity theft, and/or privacy compromise.
___________________________________________

(Came from our IT. I haven't verified this. See PC World and other sources.)

They were not sitting on their thumbs for these four years, after all.
Czech police arrest Russian tied to 2012 LinkedIn hack

Good!

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.