LinkedIn, eHarmony: Data thieves leak passwords

LinkedIn, eHarmony say users' passwords were stolen and leaked onto the Internet. LinkedIn, eHarmony didn't reveal extent of breach, but reports say more than 6 million passwords have been distributed online.

Paul Sakuma/AP/File
In this May file photo, LinkedIn Corp., the professional networking Web site, displays its logo outside its headquarters in Mountain View, Calif. LinkedIn said Wednesday it is investigating reports that more than 6 million passwords have been stolen and leaked onto the Internet.

Business social network LinkedIn and online dating service eHarmony said Wednesday that some of their users' passwords were stolen and millions appear to have been leaked onto the Internet.

LinkedIn Corp. did not say how many of the more than six million passwords that were distributed online corresponded to LinkedIn accounts. In a blog post Wednesday, the company said it was continuing to investigate.

Graham Cluley, a consultant with U.K. Web security company Sophos, recommended that LinkedIn users change their passwords immediately.

LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.

Later Wednesday, eHarmony said the passwords of a "small fraction" of its users had been compromised. The site, which says it has over 20 million registered online users, did not say how many had been affected. But tech news site Ars Technica said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.

The dating service said on its blog that it had reset the passwords of the affected users, who would receive an email with instructions on how to set new passwords. It recommended all its users adopt "robust" passwords.

There's added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.

Before confirming the breach, LinkedIn issued security tips as a precautionary measure. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.

LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.

Cluley said hackers are working together to break the encryption on the passwords.

"All that's been released so far is a list of passwords and we don't know if the people who released that list also have the related email addresses," he said. "But we have to assume they do. And with that combination, they can begin to commit crimes."

It wasn't known who was behind such an attack.

LinkedIn's blog post had few details about what happened. It said compromised passwords have been deactivated, and members with affected accounts will be sent emails with further instructions.

While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.

"If a website has been breached, it doesn't matter what encryption they're using because the attacker at that point controls a lot of the authentication," said Carey, who works at security-risk assessment firm Rapid7. "It's 'game over' once the site is compromised."

Cluley warned that LinkedIn users should be careful about malicious email generated around the incident. The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of reaching the real LinkedIn site to change a password, they would be sent to a scammer, who can then collect the information and use it for criminal activities.

LinkedIn said its emails will not include any links.

Shares of LinkedIn, which is based in Mountain View, Calif., gained 8 cents to close Wednesday at $93.08.

EHarmony is a private company based in Santa Monica, Calif.
