Techlicious Blog

LinkedIn & eHarmony Confirm Passwords Were Hacked

by on June 07, 2012
in Computers and Software, News, Computer Safety & Support, Blog :: 4 comments

Professional networking site LinkedIn and dating site eHarmony confirmed yesterday that millions of user passwords have been stolen from their databases and posted on the Internet. If you are a user of either of these services, it's critical that you change your password immediately on these sites, as well as any other sites for which you use the same password, especially for email, banking or other sensitive data.

The breach was identified when the hacker(s) posted the list of 8 million encrypted passwords to a hacker forum for help with breaking the encryption code. Sophos security is reporting that more than 60% of the passwords have already been cracked.

Worse, while the 8 million passwords posted represent only a small portion of the total users of the sites, some security experts suspect that the hacker(s) may have access to the full password list and only posted those that they were having difficulty cracking. Rick Redman, a security consultant for KoreLogic Security, told Ars Technica, "It's pretty obvious that whoever the bad guy was cracked the easy ones and then posted these, saying, 'These are the ones I can't crack.'"

How did this happen? Well, how the hacker got access to the data isn't known. However, the ability to easily hack the passwords is due to poor data security measures at each of the companies.

In the case of LinkedIn, passwords were encrypted, but the company was not using "salting" to introduce random characters into the encryption and make the passwords harder to break. LinkedIn has since corrected this weakness, and all new passwords will be salted and encrypted.
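To make the salting point concrete, here is an added example (not code from LinkedIn, eHarmony or the original article) that stores the same passwords two ways and counts how many accounts end up with an identical stored value. SHA-1 as the unsalted scheme, PBKDF2 as the salted one, the iteration count and the sample accounts are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def unsalted_digest(password: str) -> str:
    """Fast unsalted hash: the same password always yields the same value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str) -> dict:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "key": key}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              record["salt"], record["iterations"])
    return hmac.compare_digest(key, record["key"])


def shared_values(stored: list) -> int:
    """Count accounts whose stored value also appears on another account."""
    counts = Counter(stored)
    return sum(n for n in counts.values() if n > 1)


# Constructed sample accounts; three of the four chose the same password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012",
            "carol": "linkedin2012", "dave": "x9!Vq#72mLp"}


def compare_schemes() -> tuple:
    """Return (accounts sharing a value unsalted, accounts sharing a value salted)."""
    unsalted = [unsalted_digest(p) for p in ACCOUNTS.values()]
    salted = [salted_record(p)["key"] for p in ACCOUNTS.values()]
    return shared_values(unsalted), shared_values(salted)


if __name__ == "__main__":
    print("accounts sharing a stored value (unsalted, salted):", compare_schemes())
```

Without a salt, every account that chose the same password is exposed the moment one of them is recovered; with a per-user salt, each stored value has to be worked on separately.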

eHarmony also was apparently using weak encryption policies and still doesn't appear to understand the steps required to secure your information properly. In a post on the eHarmony blog, the company recommends that users reset their passwords and provides tips for creating a strong password. But to be absolutely clear, this hack has nothing to do with users creating weak passwords—even the strongest password is useless if the company storing your password doesn't protect it properly. The eHarmony blog is silent on what steps the company is taking to improve its own security.

Given the serious nature of this breach, I recommend that all users of LinkedIn and eHarmony change their passwords immediately, even if they have not been notified that their password was one of those stolen. If you share the password with other sites, you should change it on those sites as well.

Because eHarmony has yet to adequately address the security measures it is putting in place to prevent this breach from happening again, you should consider any password and personal information you post to eHarmony insecure.

Why are you telling us this?

From Elizabeth on June 07, 2012 :: 11:35 am

And not eHarmony or LinkedIn?

I’ve been on LinkedIn yesterday and today and there is not one word about this.

It’s frustrating that these sites can’t get the word to us faster than you can.

Good question!

From Josh Kirschner on June 07, 2012 :: 9:18 pm

We’re wondering the same thing and have reached out to LinkedIn for comment.

Secure website builder software

From Mike on June 07, 2012 :: 9:27 pm

If you want your website to be secure, it is best to use Ultimate Web Builder software - http://www.redesigns.org/web-builder .  It uses encryption plus salting for passwords, as well as other security features.

Regarding a secure dating website to use that is really cool and awesome too - and free! - best is Friends Match Me - http://www.friendsmatchme.com .  It is a free Facebook dating app too, and does not store your passwords.

LinkedIn Passwords Hacked

From Alan on June 10, 2012 :: 1:30 pm

Tried to log in this evening. Still asked for a password. What gives?
