RV_ Posted May 19, 2016 Report Share Posted May 19, 2016 For those who use Linked in for professional profiles your login credentials are likely available to the criminals. If you are one of the many who uses the same password everywhere they will have the keys to your kingdom. Excerpt: "Over 117 million LinkedIn user logins are for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). The breach is tied to an earlier hack on LinkedIn in 2012, when the company originally said 6.5 million accounts had been compromised. The hacker, identified as Peace, claims the the data includes user IDs, email addresses and hashed passwords (SHA1) for LinkedIn users. Peace is advertising the sale of LinkedIn data for 167 million accounts. A second source that includes the data and breach search service called LeakedSource claims it’s familiar with the data and said 117 million of the records for sale by Peace include email address and unsalted SHA1 hashed passwords. The publication Motherboard is reporting that operators of LeakedSource were able to crack “90 percent of the passwords in 72 hours” or 117 million accounts. Noted security researcher Troy Hunt, via his Twitter account said he has seen and verified authenticity of portions of the username and passwords adding “It’s highly likely to be legit” data. At the time of the initial 2012 breach LinkedIn said it invalidated the passwords of “all affected users,” which at the time the company said was 6 million accounts out of 140 million. “Unfortunately, it would seem that password reset fell short of what we now know to be over a hundred million accounts,” said Tod Beardsley, security research manager at Rapid7. Beardsley and other security firms say the cache of compromised 4-year-old account passwords may have limited worth among hackers, and the real value is with a treasure trove of valid user email addresses. “The most valuable data in the LinkedIn compromise may not be the passwords at all, but the enormous registry of email addresses connected to working professionals,” Beardsley said." The whole article is here with more details: https://threatpost.com/2012-linkedin-breach-just-got-a-lot-worse-117-million-new-logins-for-sale/118173/ RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Jim & Alice Posted May 19, 2016 Report Share Posted May 19, 2016 Thanks, Derek. All I can say is... !@#$%&!!! Think I will go change my passwords again. Jim 2007 Dolphin Safe-T-Plus Steering Bar Our Blog: Click Here Link to comment Share on other sites More sharing options...
RV_ Posted May 19, 2016 Author Report Share Posted May 19, 2016 YW Jim, If you changed your passwords in the last 4 years you're fine unless you used the LinkedIn PW for other accounts since. I'm glad I've avoided all the social and professional websites. But our credit cards were compromised from bank hacks. All we can do is make the changes and move on. I try to keep friends informed on the ones we might be targets for. RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Jim & Alice Posted May 19, 2016 Report Share Posted May 19, 2016 I appreciate your pulling together info on things, Derek. You seem to have a good ability to sift thru media sources, and bring out that which is Useful & interesting... especially Space Program news! I generally don't do social media, but Linkedin was useful back in my IT working days and I am still coasting on that entry. And to please our kids... I/we find a 'passive' Facebook account useful on occasion! I have a Password Manager that I use for maintaining 'good' passwords so changing is not all that big of a deal. Hope all is well back in Haughton. Thanks. Jim 2007 Dolphin Safe-T-Plus Steering Bar Our Blog: Click Here Link to comment Share on other sites More sharing options...
RV_ Posted May 20, 2016 Author Report Share Posted May 20, 2016 Thanks Jim, my pleasure. All is well as anyone can be. When you are back in the area I think you will like how we did the new house. We have the structure and inside done and are loving it. We can't get a backhoe in for the drainage and to do the final finish grade around the dirt pad. Stop by when you are in the area. I haven't used a PW manager yet but am getting a Round Tuit as soon as I can. RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
SWharton Posted May 20, 2016 Report Share Posted May 20, 2016 I would think ifyou were going to have problems of any sort it would have happened by now since the breach was 4 years ago.............................. Link to comment Share on other sites More sharing options...
RV_ Posted May 21, 2016 Author Report Share Posted May 21, 2016 Swharton, here is todays news about the breach: LinkedIn Slams Breach Data Reseller With Cease and Desist Order LinkedIn is striking back against a website attempting to monetize the 117 million usernames and passwords stolen from the company as part of a 2012 data breach. Website LeakedSource is reporting lawyers representing LinkedIn have served the company a cease and desist order on Wednesday alleging the company is in violation of California’s Computer Fraud and Abuse Act because it is “illegally copying and displaying LinkedIn members’ information” without their consent. Earlier this week, Over 117 million LinkedIn user logins went up for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). LeakedSource, which is selling access to the data via a subscription model, claimed it is in the possession of 117 million of the LinkedIn account records that include email address and unsalted SHA-1 hashed passwords. https://threatpost.com/linkedin-slams-breach-data-reseller-with-cease-and-desist-order/118213/ RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
SWharton Posted May 21, 2016 Report Share Posted May 21, 2016 I just saw an article where Linkedin is telling their customers to change passwords. This happened 4 years ago, why have they delayed telling their customers about the breach? Several of my sensitive sites force me to change my password every 6 months. I have a love/hate with this policy especially since they don't allow me to reuse a password that I used in xx months/years. Link to comment Share on other sites More sharing options...
RV_ Posted May 27, 2016 Author Report Share Posted May 27, 2016 S Wharton, I think you missed the main newsworthy part. The breach was four years ago, but the criminal market just put the data up for sale in the last week or three. Originally Linked in said the breach involved only 6 million accounts, but now they see over 100k accounts info for sale on the black market. So with the email addresses and an old password, they can likely use them on other websites where users only used one password for all their websites, then only changed Linked in. Read the links. RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.