LinkedIn, eHarmony Data Breaches May Affect Millions

June 7, 2012

Social networking site LinkedIn and online dating service eHarmony are warning that some user passwords have been breached after security experts discovered scrambled files with passwords for some 8 million online accounts, according to a report from Reuters.

The two companies declined to say exactly how many accounts had been breached when issuing an initial statement Wednesday, instead only saying that they were conducting investigations, the report says.

Technology news site Ars Technica reported on Wednesday that a total of 8 million encrypted passwords were published on underground forums by a hacker known as “dwdm,” who was requesting help to unscramble the files, according to Reuters.

It was not clear whether all 8 million passwords belonged to LinkedIn or eHarmony users, or if the hacker had in fact stolen an even large number of credentials and hadn’t posted them all, the article says. The files only included passwords, not email addresses, meaning that anyone who downloaded and unscrambled the files would still have a difficult time accessing accounts.

However, according to Reuters, analysts say that it is likely that the hackers who stole the passwords initially also have the corresponding email addresses and would be able to access the accounts.

Mary Landesman, senior researcher with messaging security firm Cloudmark, said that a hacker with access to someone’s LinkedIn and eHarmony account might be in a good position to commit extortion, the article reports.

“When somebody has the keys to your business and your personal kingdom, that gives them all sorts of powerful information,” she said in the article. “They might be able to use it for years.”

Security experts examining the breach say that LinkedIn was not using the best practices for protecting the data, claiming that the company used a vanilla or basic technique for encrypting passwords, which allowed hackers to quickly unscramble them after they figure out the generic formula used for all of the credentials, Reuters reports.

The site could have made unscrambling passwords much more tedious by using a technique known as “salting,” or adding a secret code to each password before it is encrypted, the article says.

Neither site is commenting on the criticism, but both are recommending that users change their passwords immediately.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

This webinar will assist those responsible for developing a comprehensive K-12 safety and security program by helping security professionals and administrators understand the goals and objectives of a district-wide safety and security program.

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

LinkedIn, eHarmony Data Breaches May Affect Millions

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

LinkedIn, eHarmony Data Breaches May Affect Millions

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.