Friday, 8 June 2012

Password leakage



Cock-up #1
Old news now, but for those who don't know, LinkedIn.com leaked 6.5 million passwords. Logging in for the first time after this incident, you'll see the following message:



Sorry, but we need to reset your password as a security precaution. Please enter your email below to get started. Thanks!

Security precaution? OK, I guess LinkedIn didn't want to write the truth:

Sorry bud! There has been a major cock-up and we lost yours and a few million more passwords, hence you're getting a new one. Thanks!

A site named LeakedIn.org has been set up where you can check whether your password has been leaked and whether it is possible to decrypt it. As reviewed on Security Now, this site is safe to use: it encrypts the password you enter using JavaScript before it's sent via HTTP, then checks whether your encrypted password exists in the dump of encrypted passwords from LinkedIn (which is now available to everyone on the Internet).

Hooray!

Fingers crossed.

Sorry, friend.


If LeakedIn.org states that your password was leaked, you'd better hurry up and change it everywhere you've used that password.
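The check described above, as an added example for Node.js (not LeakedIn.org's own code): the password is transformed on the client and only the resulting digest is looked up in the dump. It assumes the "encrypted" passwords are unsalted SHA-1 hex digests and that entries already cracked have their first five hex digits zeroed; the function names and the two sample dump entries are constructed for illustration.

```javascript
// Added example: function names and the sample dump are constructed.
const crypto = require("crypto");

// Client side: hash locally so only the 40-character digest leaves the browser.
function sha1Hex(password) {
  return crypto.createHash("sha1").update(password, "utf8").digest("hex");
}

// Assumption: entries that were already cracked are marked in the dump by
// having their first five hex digits overwritten with zeros.
function maskedForm(digest) {
  return "00000" + digest.slice(5);
}

// Server side: accepts a digest only, never a password.
function lookupDigest(digest, dump) {
  if (typeof digest !== "string" || !/^[0-9a-f]{40}$/.test(digest)) {
    throw new TypeError("expected a 40-character lowercase hex SHA-1 digest");
  }
  // A digest that naturally starts with 00000 equals its own masked form,
  // so it cannot be told apart from a marked entry and is reported as cracked.
  if (dump.has(maskedForm(digest))) return "leaked-and-cracked";
  if (dump.has(digest)) return "leaked";
  return "not-found";
}

// End to end: hash on the client, look up on the server.
function checkPassword(password, dump) {
  return lookupDigest(sha1Hex(password), dump);
}

// Constructed sample dump (well-known test digests, not real leak data).
const SAMPLE_DUMP = new Set([
  "000001e4c9b93f3f0682250b6cf8331b7ee68fd8", // SHA-1("password"), marked
  "a9993e364706816aba3e25717850c26c9cd0d89d", // SHA-1("abc"), unmarked
]);

for (const pw of ["password", "abc", "n0t-1n-dump"]) {
  console.log(sha1Hex(pw), checkPassword(pw, SAMPLE_DUMP));
}
```

The server-side function rejects anything that is not a 40-character digest, so a client bug that submits the raw password fails instead of being looked up.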





Secure yourself
- Never use the same password on several sites.
- Use strong passwords containing symbols, numbers and upper- and lower-case characters.
- Use LastPass.com or another safe password manager.
- Or you can create your own algorithm, stored in your head, for generating passwords for sites.







Cock-up #2 [updated 8th of June 2012]

When I logged in to my Last.fm account today I realised there had been a password leakage there as well. This seems to be a related issue. Read more about it at huffingtonpost.co.uk. On the page www.last.fm/passwordsecurity the following message was displayed:

We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.

Last.fm password leakage.




References:
http://leakedin.org/
http://www.dagensit.no/article2411857.ece (Norwegian)
http://twit.tv/show/security-now/356
http://thenextweb.com/bad-day-for-linkedin
http://shiflett.org/blog/2012/jun/leakedin
http://www.huffingtonpost.co.uk/2012/06/08/lastfm-hit-by-password-leak



