Some LinkedIn, eHarmony passwords leaked online (Update 3)

Jun 06, 2012 by CASSANDRA VINOGRAD
In this May 9, 2011 file photo, LinkedIn Corp., the professional networking Web site, displays its logo outside of headquarters in Mountain View, Calif. LinkedIn said Wednesday, June 6, 2012, it is investigating reports that more than six million passwords have been stolen and leaked onto the Internet. (AP Photo/Paul Sakuma, file)

(AP) — Business social network LinkedIn and online dating service eHarmony said Wednesday that some of their users' passwords were stolen and millions appear to have been leaked onto the Internet.

LinkedIn Corp. did not say how many of the more than six million passwords that were distributed online corresponded to LinkedIn accounts. In a blog post Wednesday, the company said it was continuing to investigate.

Graham Cluley, a consultant with U.K. Web security company Sophos, recommended that LinkedIn users change their passwords immediately.

LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.

Later Wednesday, eHarmony said the passwords of a "small fraction" of its users had been compromised. The site, which says it has over 20 million registered online users, did not say how many had been affected. But tech news site Ars Technica said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.

The dating service said on its blog that it had reset the passwords of the affected users, who would receive an email with instructions on how to set new passwords. It recommended all its users adopt "robust" passwords.

There's added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.

Before confirming the breach, LinkedIn issued security tips as a precautionary measure. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.

LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.

Cluley said hackers are working together to break the encryption on the passwords.

"All that's been released so far is a list of passwords and we don't know if the people who released that list also have the related email addresses," he said. "But we have to assume they do. And with that combination, they can begin to commit crimes."

It wasn't known who was behind such an attack.

LinkedIn's blog post had few details about what happened. It said compromised passwords have been deactivated, and members with affected accounts will be sent emails with further instructions.

While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.

"If a website has been breached, it doesn't matter what encryption they're using because the attacker at that point controls a lot of the authentication," said Carey, who works at security-risk assessment firm Rapid7. "It's 'game over' once the site is compromised."

Cluley warned that LinkedIn users should be careful about malicious email generated around the incident. The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of reaching the real LinkedIn site to change a password, the user would be sent to a scammer, who could then collect the information and use it for criminal activities.

LinkedIn said its emails will not include any links.

Shares of LinkedIn, which is based in Mountain View, Calif., gained 8 cents to close Wednesday at $93.08.

EHarmony is a private company based in Santa Monica, Calif.

More information: LinkedIn: blog.linkedin.com
eHarmony: advice.eharmony.com/blog/
