Wednesday, June 06, 2012
LinkedIn, eHarmony have passwords "disclosed"; seems to involve cracking weak pw's
The Los Angeles Times is reporting that eHarmony also had over a million passwords stolen, mostly by cracking, following reports of massive breach of LinkedIn.
Salvador Rodriquez has the LAT story here.
Ars Technica (Dan Goodin) has further details, about the posting of cryptographic hashes, story here apparently after posting the “easier” pw’s on “insidepro”.
This appears to have been a “proof of concept” hack. It's likely that the attacker doesn't plan to use any of the individual pw's. He or she ("Lizbeth" from Dragon Tattoo) wants to prove a point.
My own LinkedIn account was working normally. I don’t use it a lot.
McAfee gives a red security warning on “insidepro” as “risky to visit”. (I try “risky” sites on a separate computer not used for any sensitive access.) But MyWOT rates the site green.