Password breach spreads beyond LinkedIn

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen
More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network.

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network.

Security experts were warning customers of the hacked websites to be alert for fake emails which purport to warn about the breach but are in fact attempts to steal , a phenomenon known as "phishing."

The US dating website eHarmony and the British-based music site Lastfm.com said their were also compromised and urged members to change their .

"We are currently investigating the leak of some Last.fm user passwords," the website blog said.

"This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we're asking all our users to change their passwords immediately."

EHarmony's Becky Teraoka said that "a small fraction of our user base has been affected" and that "as a precaution, we have reset affected members' passwords."

Graham Cluley of the British Sophos said data from 1.5 million eHarmony passwords was uploaded to websites, "where hackers were encouraged to join forces to crack them."

Cluley also warned users of Lastfm.com to change their passwords.

But users were also being cautioned against clicking on links that purport to be from the compromised websites. LinkedIn said it was not including any links in its warnings to customers.

Mikko Hypponen of the Finland-based firm F-Secure said a flood of such phishing emails was likely.

"First change your LinkedIn password. Then prepare for scam emails about LinkedIn password changes, linking to phishing sites. Will happen," he said in a Twitter message.

Security experts said some 6.5 million accounts were posted to a Russian hacker forum, but that figure was being debated Thursday.

The security firm Imperva said the evidence suggests "the size of the breach is much bigger than the 6.5 million accounts" and added that "the passwords weren't properly protected."


Explore further

Some LinkedIn, eHarmony passwords leaked online (Update 3)

(c) 2012 AFP

Citation: Password breach spreads beyond LinkedIn (2012, June 7) retrieved 10 December 2019 from https://phys.org/news/2012-06-password-breach-linkedin.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments