6.5 million LinkedIn passwords leaked by Russian hackers

Are you a LinkedIn user? If so, you might want to change your passwords, as 6.5 million passwords belonging to users of the business-centric social network have been leaked onto a Russian hacking forum. The dump contained unsalted password hashes produced with the SHA-1 hash function, meaning that they can easily be reversed using online lookup tools. No other information has been released, but it is possible that usernames and passwords were also compromised during the attack. Remarkably, LinkedIn’s share price ended the day up 0.09%, only to fall in after-hours trading.

In a blog post regarding the attack and password dump, LinkedIn’s Vicente Silveira explained how the company plans to deal with the compromised accounts, which make up a small fraction of the network’s reported 161 million users.

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
  3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.

To find out if your password is included in the list, head to LeakedIn, which will take your password and hash it using the same SHA-1 algorithm, before checking for the presence of that hash in the list of passwords. Mercifully mine was not published, but the Digixav offices do have a number of passwords in the leak. Buzzfeed’s John Herrman used the tool to check for some possible passwords, both common and hilarious, and created a list of the best 23. Even if you are not affected by this attack, it should serve as a good reminder to constantly change your passwords and make them unique, but not to make them anything like these.
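The check described above can be done locally so the password never leaves your machine. The following is an added example, not code from LeakedIn or LinkedIn: the sample dump is constructed, and the salted scheme (PBKDF2-HMAC-SHA256 with a 16-byte salt and 200,000 iterations) is an assumption chosen to show what salting changes, not LinkedIn's actual scheme.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the leaked file: one unsalted SHA-1 hex digest per line.
SAMPLE_DUMP_LINES = [
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper() + "\n"
    for p in ("linkedin", "password", "letmein")
]

def load_dump(lines):
    """Normalise dump lines (case, whitespace) into a set for fast membership tests."""
    return {ln.strip().lower() for ln in lines if ln.strip()}

def sha1_hex(password):
    """Unsalted SHA-1, as used for the leaked hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def in_dump(password, dump):
    """Check locally: the plaintext password never leaves this process."""
    return sha1_hex(password) in dump

def hash_salted(password, salt=None, iterations=200_000):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256; parameters are assumptions)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    dump = load_dump(SAMPLE_DUMP_LINES)
    print("linkedin in dump:", in_dump("linkedin", dump))
    # Unsalted: the same password gives the same digest for every user,
    # so one precomputed table covers the whole dump.
    print("same unsalted digest:", sha1_hex("letmein") == sha1_hex("letmein"))
    # Salted: the same password yields a different record per user.
    a, b = hash_salted("letmein"), hash_salted("letmein")
    print("same salted digest:", a[2] == b[2])
    print("verify:", verify_salted("letmein", a))
```

To check a real file, pass its open file handle to `load_dump` in place of `SAMPLE_DUMP_LINES`.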


Why reviews need honesty

Reviews exist for a reason. You read them to find out opinions about products, and, as such, you want people to be honest about the stuff that they are writing about. Reading David Pogue’s review for the New York Times of the Samsung Galaxy Player 4.2 made me angry as, as Buzzfeed’s Matt Buchanan pointed out all too well, the author is trying too hard to be nice. Being nice about something will make it seem good. If it is not good, don’t try to fool the reader with your feigned attempt at praise.

The Player 4.2 is beautiful. Its plastic shell, with comfortably rounded edges, can’t hold a candle to the mirror-finish metal back of the Touch, but of course it doesn’t hold fingerprints, either.

You’ll probably need to buy a memory card, in fact, since the Player comes with only about four gigabytes of free memory for your files. But the point is: the capacity of your Player is up to you. Choice is good, right?

In the end, the Player should hold special appeal for a significant customer niche: rebels. The technologically sophisticated. People who would enjoy the freedom of removable cards and batteries. Parents who might like that peculiar business about making phone calls through a cheaper phone. People who own recent Samsung televisions (the Player doubles as a remote control). Anyone with a dominant anti-Apple gene.

Otherwise, it’s not entirely clear who would benefit by this slightly thicker, slightly heavier, slightly less refined iPod Touch. Until that question is answered, it’s hard to imagine Samsung’s latest becoming a significant Player in the Galaxy.

Once again, as much as it pains me to say it, I find myself in agreement with Mr. Massive Greatness himself, MG Siegler.

I don’t know about you, but when I read my favorite technology writers, I want an opinion. Is the iPhone 4S the best smartphone, or is it the Galaxy Nexus? I need to buy one, I can’t buy both. [Josh] Topolsky never gives us that. Instead, he pussyfoots around it. One is great at some things, the other is great at others. Barf.

Fucking pick one. I bet that even now he won’t.

This is the problem I have with most technology reviews these days. Everyone seems so afraid to say how they really feel about the device. And more often than not, that’s exactly what readers want.

Reviews need opinion, not horseshit. If something is good, the review should make that clear. If something is crap, the review should make that clear. That’s why I respect Josh Topolsky. He reviewed the Nokia Lumia 900 and people went mad when he gave it a 7.0. He was totally wrong on a few things, but at least he was honest. And that’s what we strive for at Digixav. As Paloma Faith once sang, do you want the truth or something beautiful? I know what I’d rather have.