Friday, 8 June 2012

Password leakage

Cock-up #1
Old news now, but for those who don't know, leaked 6.5 million passwords. Logging in for the first time after this incident, you'll see the following message:

Sorry, but we need to reset your password as a security precaution. Please enter your email below to get started. Thanks!

Security precaution? OK, I guess LinkedIn didn't want to write the truth:

Sorry bud! There has been a major cock-up and we lost yours and a few million more passwords, hence you're getting a new one. Thanks!

A site has been made, named, where you can check whether your password has been leaked and whether it can be decrypted. As reviewed on Security Now, this site is safe to use: it encrypts the password you enter using JavaScript before it's sent via HTTP, then checks whether your encrypted password exists in the dump of encrypted passwords from LinkedIn (which is now available to everyone on the Internet).
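The same kind of check can be done entirely offline against a local copy of a dump, so that neither the password nor its digest leaves your machine. The sketch below is an added example, not the check site's code. It assumes the dump holds unsalted SHA-1 hex digests, one per line, and that entries whose first five hex digits were overwritten with `00000` mark passwords that have already been cracked, as was publicly reported for this dump; the function names and sample data are made up for the illustration.

```javascript
// Added example (not the check site's code). Assumption: the dump contains
// unsalted SHA-1 hex digests, and a "00000" prefix marks an entry that was
// already cracked (its first five hex digits were overwritten).
const { createHash } = require("crypto");

// Hash locally so the plaintext password never leaves the machine.
function sha1Hex(password) {
  return createHash("sha1").update(password, "utf8").digest("hex");
}

// Index the dump once: full digests plus the 35-char tails of zeroed entries.
function indexDump(lines) {
  const full = new Set();
  const zeroedTails = new Set();
  for (const raw of lines) {
    const h = raw.trim().toLowerCase();
    if (!/^[0-9a-f]{40}$/.test(h)) continue; // skip malformed lines
    full.add(h);
    if (h.startsWith("00000")) zeroedTails.add(h.slice(5));
  }
  return { full, zeroedTails };
}

// Returns "cracked", "leaked" or "not found" for one candidate password.
// A digest that genuinely starts with 00000 is also reported as "cracked";
// that happens for roughly one password in a million.
function checkPassword(password, index) {
  const h = sha1Hex(password);
  if (index.zeroedTails.has(h.slice(5))) return "cracked";
  if (index.full.has(h)) return "leaked";
  return "not found";
}

// Constructed sample dump (built from made-up passwords, not real leak data).
const sampleDump = [
  sha1Hex("correct horse battery staple"),  // intact digest
  "00000" + sha1Hex("password1").slice(5),  // zeroed-prefix entry
  "not-a-hash",                             // malformed line, ignored
];
const index = indexDump(sampleDump);

console.log(checkPassword("password1", index));
console.log(checkPassword("correct horse battery staple", index));
console.log(checkPassword("hunter2", index));
```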


Fingers crossed.

Sorry, friend.

If states that your password was leaked, you'd better hurry up and change it everywhere you've used that password.

Secure yourself
- Never use the same password on several sites.
- Use strong passwords containing symbols, numbers and upper- and lower-case characters.
- Use, or another, or another safe password manager.
- Or you can create your own algorithm, stored in your head, for generating passwords for sites.

Cock-up #2 [updated 8th of June 2012]

When I logged in to my account today I realised there had been a password leakage there as well. This seems to be a related issue. Read more about it at On the page the following message was displayed:

We are currently investigating the leak of some user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.
