LinkedIn, eHarmony Data Breaches May Affect Millions

June 7, 2012

Social networking site LinkedIn and online dating service eHarmony are warning that some user passwords have been breached after security experts discovered scrambled files with passwords for some 8 million online accounts, according to a report from Reuters.

The two companies declined to say exactly how many accounts had been breached when issuing an initial statement Wednesday, instead only saying that they were conducting investigations, the report says.

Technology news site Ars Technica reported on Wednesday that a total of 8 million encrypted passwords were published on underground forums by a hacker known as “dwdm,” who was requesting help to unscramble the files, according to Reuters.

It was not clear whether all 8 million passwords belonged to LinkedIn or eHarmony users, or if the hacker had in fact stolen an even large number of credentials and hadn’t posted them all, the article says. The files only included passwords, not email addresses, meaning that anyone who downloaded and unscrambled the files would still have a difficult time accessing accounts.

However, according to Reuters, analysts say that it is likely that the hackers who stole the passwords initially also have the corresponding email addresses and would be able to access the accounts.

Mary Landesman, senior researcher with messaging security firm Cloudmark, said that a hacker with access to someone’s LinkedIn and eHarmony account might be in a good position to commit extortion, the article reports.

“When somebody has the keys to your business and your personal kingdom, that gives them all sorts of powerful information,” she said in the article. “They might be able to use it for years.”

Security experts examining the breach say that LinkedIn was not using the best practices for protecting the data, claiming that the company used a vanilla or basic technique for encrypting passwords, which allowed hackers to quickly unscramble them after they figure out the generic formula used for all of the credentials, Reuters reports.

The site could have made unscrambling passwords much more tedious by using a technique known as “salting,” or adding a secret code to each password before it is encrypted, the article says.

Neither site is commenting on the criticism, but both are recommending that users change their passwords immediately.

Career Focus: The Evolving Role of the Security Executive

How can you advance your career in the security industry with the skills and competencies necessary to benefit your organization? What will the security executive and the security function of the future look like? Join us as we hear from veterans in the security industry about their experiences, their lessons learned, and best practices for advancing their careers.

Security measures today tend to focus on controlling access, albeit with limitations. Many organizations, for example, know how many people have entered a secure location, but not how many have left.

Poll

Video Surveillance

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

LinkedIn, eHarmony Data Breaches May Affect Millions

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

LinkedIn, eHarmony Data Breaches May Affect Millions

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.