Since an estimated 8 million combined LinkedIn and eHarmony passwords were dumped into a user forum notorious for password cracking, the internet has exploded with speculation, investigation, advice and occasional hilarity.
In a Reuters interview, Cloudmark senior researcher Mary Landesman brought up the most interesting angle of the two concurrent hacks - that information obtained from LinkedIn and eHarmony could be used for extortion.
"When somebody has the keys to your business and personal kingdom, that gives them all sorts of powerful information," she said. "They might be able to use it for years."
Given the potential for infidelity afforded through eHarmony, and the ability to share information pertaining to it with all of a user's professional connections on LinkedIn, this seems like a very real possibility.
It didn't take long for phishing emails to take advantage of the situation, with several of my own colleagues receiving several spammy emails purporting to be from LinkedIn and prompting the recipient to click a link to restore their password. Clicking the link brings users to the typical pharmaceutical websites spam emails are prone to link to, and reportedly attempts to download malware onto the victim's computer.
Where to find help
Considering that reports are surfacing of even 20-character, random passwords being cracked, it may be time to start covering yourself. Here, Network World's own Brandon Butler lays out how to determine whether you've fallen victim. Or, if that's too much work, a cool site called LastPass does the legwork itself. If you're comfortable typing your password into a bar on a site you've never visited (I was a little apprehensive even though I've already changed all my pertinent passwords), LastPass converts your password into an SHA-1 hash before sending it to be compared against the list of compromised passwords. Results come back immediately, if you're willing to overturn that rock.
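The same check can be done entirely on your own machine, so the password never goes into a web form. The script below is an added example, not LastPass's code or anything from the original article: it hashes the password with unsalted SHA-1 and looks it up in a local copy of the dump. It goes one step beyond the text by also matching entries whose first five hex digits were overwritten with zeros, as was widely reported for the LinkedIn dump; the function names and the sample dump are constructed for illustration.

```python
import hashlib

MASK = "00000"  # assumption from public reporting: some dump entries had their first 5 hex digits zeroed
HEX_DIGITS = set("0123456789abcdef")


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, as lowercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_dump(lines):
    """Normalise dump lines to a set of 40-character lowercase hex digests, skipping junk."""
    digests = set()
    for raw in lines:
        entry = raw.strip().lower()
        if len(entry) == 40 and set(entry) <= HEX_DIGITS:
            digests.add(entry)
    return digests


def check_password(password: str, dump: set) -> str:
    """Return 'exact', 'masked' or 'absent' for this password against the dump."""
    digest = sha1_hex(password)
    if digest in dump:
        return "exact"
    # A masked entry keeps the last 35 hex digits of the real hash.
    if MASK + digest[5:] in dump:
        return "masked"
    return "absent"


# Constructed sample dump (not real leaked data): one intact entry, one masked
# entry, and two malformed lines that load_dump() must ignore.
SAMPLE_DUMP = load_dump([
    sha1_hex("linkedin2012").upper() + "\n",
    MASK + sha1_hex("eharmony1")[5:],
    "not a hash",
    "",
])

if __name__ == "__main__":
    import getpass
    import sys

    dump = SAMPLE_DUMP
    if len(sys.argv) > 1:  # optional path to a local copy of the dump, one hash per line
        with open(sys.argv[1], encoding="ascii", errors="ignore") as fh:
            dump = load_dump(fh)
    print(check_password(getpass.getpass("Password to check: "), dump))
```

Either an "exact" or a "masked" result means the password should be changed everywhere it was used.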
Laughter is the best medicine, besides a new password
And, because we did it yesterday with LinkedIn's leak, it's only fair to show the best Twitter has had to offer in response to eHarmony's follies:
— Security Humor (@SecurityHumor) June 7, 2012
Shock news as LinkedIn users realise they've been using eHarmony by accident to recruit staff
— David Edmundson-Bird (@groovegenerator) June 7, 2012
First LinkedIn, now eHarmony... I better go lock down my AllRecipes account
— Bill Wasik (@billwasik) June 7, 2012
eHarmony was hacked. LinkedIn was hacked. MySpace has its firewall flung open yelling, "Helloooo! Anyone! We're unprotected!"
— Fake Dispatch (@Fake_Dispatch) June 7, 2012