Author Message

SirLazarus

Rank 3
SirLazarus
Joined
13 Mar 2011
Posts
1142
Location
Behind you, United States
Posted Jun 07, 2012 12:50 pm
Wanted to drop this here as well, so users can search to see if their pass was in the stolen hashes. But also to make sure they don't change their pass to one in the list. That might sound redundant to some, but it's much more likely than you may think. Out of the 6.5M hashes, it's estimated that probably 90% or more of them are repeats of the entire user database. Some effort has gone into proving this, such as searching some LinkedIn users' passes that were not found in the list, but there's a 10% variable as well. The theory is that this list made up the bulk of passwords used on LinkedIn at a certain point in time, without any username/e-mail data attached and is thus why it was unsalted. The contradicting theory is that the usernames/e-mails were simply not published by the perpetrating hackers and LinkedIn really is incompetent to a massive degree. This is the 12th biggest website on the internet, by the way.

TLDR: Make sure the pass you use is not in this list by using the search tool there.
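Added example, not part of the post above: a local check of a candidate password against a list of unsalted hashes, next to a salted scheme that shows why an unsalted list collapses repeated passwords into one entry. It assumes the list is hex SHA-1 digests, one per line (the thread does not name the hash function); the account names, passwords and function names are constructed for illustration.

```python
import hashlib
import os

def unsalted_digest(password):
    """Hex SHA-1 of the bare password (assumed format of the leaked list)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def in_leak(password, leaked_digests):
    """Local membership test; leaked_digests is any iterable of hex lines,
    e.g. an open file, so the list is streamed rather than loaded whole."""
    target = unsalted_digest(password)
    return any(line.strip().lower() == target for line in leaked_digests)

def salted_record(password, salt=None, rounds=100_000):
    """Per-account random salt plus PBKDF2-HMAC-SHA256, for contrast."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, derived

# Constructed sample data: five accounts, three distinct passwords.
ACCOUNTS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",
    "carol": "Tr0ub4dor&3",
    "dave": "linkedin2012",
    "erin": "correct horse",
}

def distinct_unsalted(accounts):
    """Unsalted: equal passwords give equal digests, so repeats collapse."""
    return {unsalted_digest(p) for p in accounts.values()}

def distinct_salted(accounts):
    """Salted: every account gets its own record, even for equal passwords."""
    return {salted_record(p) for p in accounts.values()}

if __name__ == "__main__":
    leak = distinct_unsalted(ACCOUNTS)
    print(len(ACCOUNTS), "accounts ->", len(leak), "unsalted digests")
    print(len(ACCOUNTS), "accounts ->", len(distinct_salted(ACCOUNTS)), "salted records")
    print("in list:", in_leak("linkedin2012", leak), in_leak("some-other-pass", leak))
```

Running the check locally against a downloaded copy of the list means the candidate password never leaves the machine.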


Superman0X

GameMaster: USA
Superman0X
Joined
11 Jun 2007
Posts
12163
Location
San Jose United States
Posted Jun 07, 2012 12:57 pm
You can also try here:

http://leakedin.org/

I know that several people have verified that their semi-unique password was cracked via this.

Codex.

Rank 4
Codex.
Joined
14 Aug 2011
Posts
3062
Location
United States
Posted Jun 07, 2012 1:43 pm
guess time to make a different e harmony acc Sad
stuff just started to get interesting... Laughing


















... total sarcasm btw im not THAT desperate
.. yet

TotallyJay

Rank 3
TotallyJay
Joined
17 Dec 2010
Posts
1583
Location
United States
Posted Jun 07, 2012 2:48 pm
Unsalted hashes in 2012, lol.

All these reports tell you to change your email/password on eHarmony or LinkedIn.... but I didn't read anywhere that they've patched their security holes?

One of the first things users should know is that until the company explicitly states that the hole used to breach security is fixed they should stop using the application completely. These companies with millions of dollars on the line and investors behind them won't tell you that, but it's the truth.

Also keep in mind that LinkedIn was collecting information without your permission via their mobile app...

Not sure what else they're storing that you don't know about. But they seemingly have no idea for security. Plaintext transmissions and unsalted security hashes. Wonder what else that hacker has. Passwords are just lulzzzzz for the public. Credit cards, personal information, security question answers.... those are the things that you don't want to lose.

I'm pretty sure the hacker didn't just dump one table.

Elizabeth647

Rank 3
Elizabeth647
Joined
09 Aug 2008
Posts
868
Location
Boston United States
Posted Jun 07, 2012 5:24 pm
Eharmony was hit D : oh no! This makes cat lady sad! XD

andaro

Rank 5.1
andaro
Joined
09 Nov 2007
Posts
6435
Location
The Southern Oracle United States
Posted Jun 07, 2012 5:52 pm

On Eharmony

Just a C&P from ABCNews


 
The same hackers responsible for the theft of over 6.4 million LinkedIn passwords also acquired passwords from the popular dating site eHarmony.

"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected," eHarmony's Becky Teroka wrote on the company blog yesterday evening. According to the Los Angeles Times, 1.5 million passwords were stolen. That's significantly less than the 6.4 million LinkedIn passwords, but still a considerable amount of eHarmony's 20 million users.

The Russian hacker responsible uploaded the encrypted passwords to a Russian-language website forum. Many of them have been cracked, and while the usernames are not posted, security experts believe the hackers are in possession of that information as well.

Similar to LinkedIn, eHarmony has reset the passwords for those with compromised accounts. If you're such a user, you will be prompted to change your password next time you attempt to log in to the site.

Still, if you're a LinkedIn or eHarmony user you should still change your password. Additionally, if you have used that password on other sites or services, you should change that password on those sites as well.  

andaro

Rank 5.1
andaro
Joined
09 Nov 2007
Posts
6435
Location
The Southern Oracle United States
Posted Jun 07, 2012 6:11 pm

HEADLINE -- LAST.FM Security Breached on June 7th!

Last.FM Security Breached Today! making this a Triple Whammy!


Story C&P'd


Reuters wrote:
In wake of LinkedIn hack, Last.fm confirms data breach
Last.fm is the latest site to be hit by hackers. Reps for the music platform today encouraged users to update or reset their passwords.

By Matthew Shaer / June 7, 2012

First it was LinkedIn, which saw 6.5 million user passwords exposed in a breach earlier this week. Then it was eHarmony, the e-dating site, which confirmed that it had been a target of a similar attack. Now it is Last.fm, the popular music website. In a message to users, reps for Last.fm today wrote that Last.fm had been hit by hackers, and promised immediate action.

"We are currently investigating the leak of some Last.fm user passwords," the message read. "This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately." Forgot your password? No problem. (You can reset it here.) The precise size of the Last.fm leak remains unclear.

The big question, of course, is whether the eHarmony, LinkedIn, and Last.fm hacks are connected.

In an interview at the BBC, Graham Cluley of Sophos said that looks increasingly likely. "There's a mystery in the middle of the LinkedIn breach about how they got the data," Cluley said. "You have to worry there's a common vulnerability. The fact is, the only people who know are the hackers and maybe the companies concerned, but they may be struggling to work out what's happened."

The LeakedIn breach was one of the largest in recent history. At first, the extent of the attack was unclear, but the number of exposed passwords reportedly sits at well over 6 million. Vicente Silva, a director at LinkedIn, wrote in a blog post yesterday that "some of the passwords that were compromised correspond to LinkedIn accounts." Silva pointed readers to a primer on creating a stronger password.  



Source

MaxEvil

Rank 2
MaxEvil
Joined
13 Sep 2007
Posts
738
Location
Tallinn Estonia
Posted Jun 09, 2012 1:52 am
Just in case putting it here

Riot Games EUWest and EUNordic/East servers were compromised too Shocked


http://euw.leagueoflegends.com/news/league-legends-account-security-alert

Miusia

Rank 3
Miusia
Joined
06 Feb 2011
Posts
971
Location
Meow Portugal
Posted Jun 09, 2012 2:38 am
Shocked

wondering what is going to be the next victim...

miuu~

Iyeru

Rank 4
Iyeru
Joined
16 Jan 2008
Posts
3063
Location
Madison, WI United States
Posted Jun 09, 2012 7:37 am
Miusia wrote:
Shocked

wondering what is going to be the next victim...  


Never know with these people.