Wednesday, June 06, 2012

LinkedIn, eHarmony have passwords "disclosed"; seems to involve cracking weak pw's


The Los Angeles Times is reporting that eHarmony also had over a million passwords stolen, mostly by cracking, following reports of massive breach of LinkedIn.

Salvador Rodriquez has the LAT story here

Ars Technica (Dan Goodin) has further details, about the posting of cryptographic hashes, story here   apparently after posting the “easier” pw’s on “insidepro”. 

This appears to have been a “proof of concept” hack. It's likely that the attacker doesn't plan to use any of the individual pw's. He or she ("Lizbeth" from Dragon Tattoo) wants to prove a point. 

My own LinkedIn account was working normally.  I don’t use it a lot.

McAfee gives a red security warning on “insidepro” as “risky to visit”.  (I try “risky” sites on a separate computer not used for any sensitive access.) But MyWOT rates the site green. 

No comments: