[Password Leak] LinkedIn database hacked

justusranvier:
Quote from: Steve on June 06, 2012, 09:16:04 PM

You enter a master password and other details (like the domain name and user id) then it uses a hash function to generate a password that doesn't need to be stored anywhere.  It does all of that on the client, in the browser and you can access it from any computer with an internet connection and a browser (only on a computer you trust of course).
I used a tool like that before but found it more convenient to use a tool that came with plugins for every browser I use including Android. I want my password manager to Just Work no matter which browser I am using so I've found it to be easier to disable the built-in managers and just use the LastPass plugin for everything.
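
The generator scheme described in the quoted post, sketched as an added example (not code from the thread or from any tool mentioned in it). The post only says "a hash function"; the use of PBKDF2, the iteration count, the output alphabet, the rotation counter and all names here are assumptions.

```python
import hashlib
import hmac
import string

# Constructed output alphabet (75 symbols); a real site may restrict it further.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def _field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never collide."""
    data = value.encode("utf-8")
    return len(data).to_bytes(4, "big") + data


def derive_site_password(master: str, domain: str, user_id: str,
                         length: int = 20, counter: int = 1,
                         iterations: int = 200_000) -> str:
    """Derive a per-site password from a master password; nothing is stored."""
    # The salt binds the result to one site and one account. The counter
    # (an assumption) lets one site's password be rotated after a breach.
    salt = (_field(domain.strip().lower()) + _field(user_id)
            + counter.to_bytes(4, "big"))
    # A slow KDF rather than one fast hash: a site password leaked in plain
    # text is then expensive to brute-force back to the master password.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations)

    # Expand the key into a byte stream and map bytes to characters with
    # rejection sampling, so every symbol is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    chars, block = [], 0
    while len(chars) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
        for byte in stream:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_site_password("correct horse battery staple",
                               "linkedin.com", "alice@example.com"))
```

Because every site password is a function of the master password, the master password is the single secret to protect, and a site that rejects some of the symbols needs its own alphabet setting remembered alongside the counter.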

Herodes:
Cool thing is that LinkedIn could easily rename their service to LeakedIn. Who ever used LinkedIn anyway?

Nefario:
GLBSE uses BCrypt + salt

Stephen Gornick:
Quote

So far 3,427,202 passwords have cracked from LinkedIn List. Almost 50%. It's been about 24 hours - The longest? a 29 letter sentence from Bible

 - https://twitter.com/CrackMeIfYouCan/status/210474428407103490

So, the "username" (LinkedIn doesn't use usernames, so that's e-mail address) hasn't been leaked. So 3.4 million email passwords, maybe a quarter (more, I'd bet) used the same password as their email, and PayPal. So presuming a party with malicious intent has control of close to a million valid email accounts and passwords.

So from there, I'm guessing access to the email accounts gives "forgot password" capability to bank accounts. Most of those will be slowed by a "mother's maiden name" multifactor security question... but there's probably thousands (or tens of thousands) of bank accounts that will get compromised as a result of this. PayPal, without having a security question hurdle, even more. Dwolla uses a PIN #... hopefully not a whole lot of people used 4321 or 9999 PIN codes for that.

Aye... this could be painful.

justusranvier:
Quote from: Stephen Gornick on June 06, 2012, 11:48:55 PM

Quote

So far 3,427,202 passwords have cracked from LinkedIn List. Almost 50%. It's been about 24 hours - The longest? a 29 letter sentence from Bible

 - https://twitter.com/CrackMeIfYouCan/status/210474428407103490

So, the "username" (LinkedIn doesn't use usernames, so that's e-mail address) hasn't been leaked. So 3.4 million email passwords, maybe a quarter (more, I'd bet) used the same password as their email, and PayPal. So presuming a party with malicious intent has control of close to a million valid email accounts and passwords.

So from there, I'm guessing access to the email accounts gives "forgot password" capability to bank accounts. Most of those will be slowed by a "mother's maiden name" multifactor security question... but there's probably thousands (or tens of thousands) of bank accounts that will get compromised as a result of this. PayPal, without having a security question hurdle, even more. Dwolla uses a PIN #... hopefully not a whole lot of people used 4321 or 9999 PIN codes for that.

Aye... this could be painful.

I'm disappointed. According to LeakedIn my password is not part of the leak. It would have been interesting to see if anyone managed to crack my old password: h0NOl&tHgNr7ePTiayf7
