The Fallout from eHarmony's Password Leak and New Details on LinkedIn's Fiasco

A collection of the fallout since LinkedIn and eHarmony confirmed that user passwords were leaked.

Since an estimated 8 million combined LinkedIn and eHarmony passwords were dumped into a user forum notorious for password cracking, the internet has exploded with speculation, investigation, advice and occasional hilarity.


In a Reuters interview, Cloudmark senior researcher Mary Landesman brought up the most interesting angle of the two concurrent hacks - that information obtained from LinkedIn and eHarmony could be used for extortion.

"When somebody has the keys to your business and personal kingdom, that gives them all sorts of powerful information," she said. "They might be able to use it for years."

Especially when considering the potential for infidelity afforded through eHarmony, and the ability to share information pertaining to it with all of that person's professional connections on LinkedIn, this seems like a very real possibility.


It didn't take long for phishing emails to take advantage of the situation, with several of my own colleagues receiving spammy emails purporting to be from LinkedIn and prompting the recipient to click a link to restore their password. Clicking the link brings users to the typical pharmaceutical websites that spam emails tend to link to, and reportedly attempts to download malware onto the victim's computer.

Where to find help

Considering that reports are surfacing of even 20-character, random passwords being cracked, it may be time to start covering yourself. Here, Network World's own Brandon Butler lays out how to determine whether you've fallen victim. Or, if that's too much work, a cool site called LastPass does the legwork itself. If you're comfortable typing your password into a bar on a site you've never visited (I was a little apprehensive even though I've already changed all my pertinent passwords), LastPass converts your password into an SHA-1 hash before sending it to be compared against the list of compromised passwords. Results come back immediately, if you're willing to overturn that rock.
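
The same hash-then-compare check can be run entirely offline against a downloaded copy of a leaked list, so the password never leaves your machine. The Python below is an added example, not LastPass's code or anything from the original article. It assumes a dump with one unsalted SHA-1 hex digest per line, and it also matches entries whose first five hex digits were replaced with zeros, as was widely reported for the LinkedIn list (a detail this article does not state); the sample entries and the file name `dump.txt` are constructed.

```python
import getpass
import hashlib

MASK = "00000"  # assumption: some dump entries had their first 5 hex digits zeroed
HEX = set("0123456789abcdef")


def sha1_hex(password):
    """Unsalted SHA-1 of the UTF-8 password, as 40 lowercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_hashes(lines):
    """Normalise dump lines and keep only well-formed 40-character hex digests."""
    leaked = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            leaked.add(h)
    return leaked


def check_password(password, leaked):
    """Return 'exact', 'masked' or None; the password is only hashed in memory."""
    h = sha1_hex(password)
    if h in leaked:
        return "exact"
    if MASK + h[len(MASK):] in leaked:
        return "masked"
    return None


def constructed_dump():
    """Constructed sample lines (not real leak data): one exact, one masked, junk."""
    exact = sha1_hex("123456").upper()
    masked = MASK + sha1_hex("password")[len(MASK):]
    return [exact + "\n", "  " + masked + "\r\n", "not-a-hash\n", "\n"]


if __name__ == "__main__":
    # Hypothetical real use: leaked = load_hashes(open("dump.txt"))
    leaked = load_hashes(constructed_dump())
    result = check_password(getpass.getpass("Password to check: "), leaked)
    print("in list (%s match)" % result if result else "not in list")
```

A match of either kind means the password should be changed everywhere it was used; no match says only that this particular list does not contain it.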

Laughter is the best medicine, besides a new password

Here's a list of some of the funniest LinkedIn passwords that have been exposed:

And, because we did it yesterday with LinkedIn's leak, it's only fair to show the best Twitter has had to offer in response to eHarmony's follies:

In a positive twist to the #eHarmony password breach, one of the hackers reports getting a first date.

— Security Humor (@SecurityHumor) June 7, 2012

Shock news as LinkedIn users realise they've been using eHarmony by accident to recruit staff

— David Edmundson-Bird (@groovegenerator) June 7, 2012

First LinkedIn, now eHarmony... I better go lock down my AllRecipes account

— Bill Wasik (@billwasik) June 7, 2012

eHarmony was hacked. LinkedIn was hacked. MySpace has its firewall flung open yelling, "Helloooo! Anyone! We're unprotected!"

— Fake Dispatch (@Fake_Dispatch) June 7, 2012

Copyright © 2012 IDG Communications, Inc.