BreachExchange mailing list archives

LinkedIn disables passwords in wake of Gawker attack


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Wed, 15 Dec 2010 00:53:05 -0500

http://news.cnet.com/8301-27080_3-20025688-245.html

LinkedIn is disabling passwords of users whose e-mail addresses were
included in the customer data that was exposed in an attack on the
Gawker blog sites.

The professional-networking site is taking this action to prevent any
of its customers from having their LinkedIn accounts hijacked in the
event that they used the same password that they used on any of the
Gawker sites.

"There is no indication that your LinkedIn account has been affected,
but since it shares an e-mail with the compromised Gawker accounts, we
decided to ensure its safety by asking you to reset its password," the
company said in an e-mail to users today.

To reset your LinkedIn password, go to the Web site and click on "Sign
In" and "Forgot Password?" and follow the directions.

Gawker's Web site and back-end database were compromised, and
passwords, usernames, and e-mail addresses for about 1.3 million user
accounts were posted on the Pirate Bay BitTorrent site over the
weekend. The passwords were encrypted with technology. However, weak
passwords can easily be cracked by brute force attacks. (To find out
how to check if you are at risk and get more details about the
incident read this FAQ.)

People who use the same password on multiple sites are at risk of
having their accounts on those other sites compromised. This happened
already on Twitter, with some accounts being used to send spam shortly
after the Gawker breach was publicized.

Security experts urge people to choose strong passwords, to change
them often and to not use the same password on multiple sites.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
