The Fallout from eHarmony's Password Leak and New Details on LinkedIn's Fiasco

A roundup of the fallout since LinkedIn and eHarmony confirmed that user passwords were leaked.

By Open Source Community on Thu, 06/07/12 - 9:50am.

Since an estimated 8 million combined LinkedIn and eHarmony passwords were dumped into a user forum notorious for password cracking, the internet has exploded with speculation, investigation, advice and occasional hilarity.

Blackmail

In a Reuters interview, Cloudmark senior researcher Mary Landesman brought up the most interesting angle of the two concurrent hacks - that information obtained from LinkedIn and eHarmony could be used for extortion.

"When somebody has the keys to your business and personal kingdom, that gives them all sorts of powerful information," she said. "They might be able to use it for years."

Given the potential for infidelity afforded through eHarmony, and the ability to share information about it with all of that person's professional connections on LinkedIn, this seems like a very real possibility.

Phishing

It didn't take long for phishing emails to take advantage of the situation, with several of my own colleagues receiving several spammy emails purporting to be from LinkedIn and prompting the recipient to click a link to restore their password. Clicking the link brings users to the typical pharmaceutical websites that spam emails tend to link to, and reportedly attempts to download malware onto the victim's computer.

Where to find help

Considering that reports are surfacing of even 20-character, random passwords being cracked, it may be time to start covering yourself. Here, Network World's own Brandon Butler lays out how to determine whether you've fallen victim. Or, if that's too much work, a cool site called LastPass does the legwork itself. If you're comfortable typing your password into a bar on a site you've never visited (I was a little apprehensive even though I've already changed all my pertinent passwords), LastPass converts your password into an SHA-1 hash before sending it to be compared against the list of compromised passwords. Results come back immediately, if you're willing to overturn that rock.
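The check described above, hashing the password locally and comparing only the SHA-1 digest against the leaked list, can also be run entirely offline. This is an added example, not LastPass's code or part of the original article; the dump format (one unsalted 40-hex-digit SHA-1 per line, some with the first five digits zeroed, as was reported for the LinkedIn file) and all function names are assumptions.

```python
import hashlib

# Assumed dump format (not described in the article): one unsalted SHA-1 per
# line as 40 hex digits; some entries have their first five digits zeroed.
MASK = "00000"
HEX = set("0123456789abcdef")


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, as lowercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_dump(lines) -> set:
    """Collect well-formed 40-digit hex hashes; ignore blank or junk lines."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            hashes.add(h)
    return hashes


def check_password(password: str, dump: set) -> str:
    """Hash locally, then report 'exact', 'masked' or 'absent'."""
    digest = sha1_hex(password)
    if digest in dump:
        return "exact"
    # A masked entry keeps only the last 35 digits of the real hash.
    if MASK + digest[len(MASK):] in dump:
        return "masked"
    return "absent"


def build_sample_dump() -> set:
    """Constructed sample: two passwords from the article's list, one masked."""
    full = sha1_hex("letmein")
    masked = MASK + sha1_hex("changeme")[len(MASK):]
    return load_dump([full + "\n", masked.upper(), "not-a-hash", ""])


if __name__ == "__main__":
    dump = build_sample_dump()
    for candidate in ("letmein", "changeme", "a-much-longer-unrelated-passphrase"):
        print(candidate, "->", check_password(candidate, dump))
```

Because the password never leaves the machine, this avoids the concern about typing it into an unfamiliar site; either an "exact" or a "masked" result means the password should be changed everywhere it was used.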

Laughter is the best medicine, besides a new password

Here's a list of some of the funniest LinkedIn passwords that have been exposed:

'linkedin'

'linkedinpassword'

'sophos'

'mcafee'

'symantec'

'kaspersky'

'microsoft'

'letmein'

'changeme'

'Internet'

'nobody'

'hopeless'

'killmenow'

'iwishiwasdead'

'hatemyjob'

And, because we did it yesterday with LinkedIn's leak, it's only fair to show the best Twitter has had to offer in response to eHarmony's follies:
