Business social network LinkedIn and online dating service eHarmony said on Wednesday that some of their users’ passwords were stolen and millions appear to have been leaked onto the Internet.
LinkedIn Corp did not say how many of the more than 6 million passwords that were distributed online corresponded to LinkedIn accounts. In a blog post on Wednesday, the company said it was continuing to investigate.
Graham Cluley, a consultant with UK Web security firm Sophos, recommended that LinkedIn users change their passwords immediately.
LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.
Later on Wednesday, eHarmony said the passwords of a “small fraction” of its users had been compromised.
The site, which says it has more than 20 million registered online users, did not say how many had been affected.
However, tech news site Ars Technica said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.
The dating service said on its blog that it had reset the passwords of the affected users, who would receive an e-mail with instructions on how to set new passwords. It recommended that all its users adopt “robust” passwords.
Before confirming the breach, LinkedIn issued security tips as a precautionary measure. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.
Cluley said hackers are working together to break the encryption on the passwords.
“All that’s been released so far is a list of passwords and we don’t know if the people who released that list also have the related e-mail addresses,” he said. “But we have to assume they do. And with that combination, they can begin to commit crimes.”
It wasn’t known who was behind such an attack. LinkedIn’s blog post had few details about what happened. It said compromised passwords have been deactivated, and members with affected accounts would be sent e-mails with further instructions.
While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.
“If a Web site has been breached, it doesn’t matter what encryption they’re using because the attacker at that point controls a lot of the authentication,” said Carey, who works at security-risk assessment firm Rapid7. “It’s ‘game over’ once the site is compromised.”
Cluley warned that LinkedIn users should be careful about malicious e-mail generated around the incident.
The fear is that people, after hearing about the incident, would be tricked into clicking on links in those e-mails. Instead of getting to the real LinkedIn site to change a password, it would go to a scammer, who can then collect the information and use it for criminal activities.
LinkedIn said its e-mails would not include any links.
RETHINK? The defense ministry and Navy Command Headquarters could take over the indigenous submarine project and change its production timeline, a source said Admiral Huang Shu-kuang’s (黃曙光) resignation as head of the Indigenous Submarine Program and as a member of the National Security Council could affect the production of submarines, a source said yesterday. Huang in a statement last night said he had decided to resign due to national security concerns while expressing the hope that it would put a stop to political wrangling that only undermines the advancement of the nation’s defense capabilities. Taiwan People’s Party Legislator Vivian Huang (黃珊珊) yesterday said that the admiral, her older brother, felt it was time for him to step down and that he had completed what he
Taiwan has experienced its most significant improvement in the QS World University Rankings by Subject, data provided on Sunday by international higher education analyst Quacquarelli Symonds (QS) showed. Compared with last year’s edition of the rankings, which measure academic excellence and influence, Taiwanese universities made great improvements in the H Index metric, which evaluates research productivity and its impact, with a notable 30 percent increase overall, QS said. Taiwanese universities also made notable progress in the Citations per Paper metric, which measures the impact of research, achieving a 13 percent increase. Taiwanese universities gained 10 percent in Academic Reputation, but declined 18 percent
UNDER DISCUSSION: The combatant command would integrate fast attack boat and anti-ship missile groups to defend waters closest to the coastline, a source said The military could establish a new combatant command as early as 2026, which would be tasked with defending Taiwan’s territorial waters 24 nautical miles (44.4km) from the nation’s coastline, a source familiar with the matter said yesterday. The new command, which would fall under the Naval Command Headquarters, would be led by a vice admiral and integrate existing fast attack boat and anti-ship missile groups, along with the Naval Maritime Surveillance and Reconnaissance Command, said the source, who asked to remain anonymous. It could be launched by 2026, but details are being discussed and no final timetable has been announced, the source
SHOT IN THE ARM: The new system can be integrated with Avenger and Stinger missiles to bolster regional air defense capabilities, a defense ministry report said Domestically developed Land Sword II (陸射劍二) missiles were successfully launched and hit target drones during a live-fire exercise at the Jiupeng Military Base in Pingtung County yesterday. The missiles, developed by the Chungshan Institute of Science and Technology (CSIST), were originally scheduled to launch on Tuesday last week, after the Tomb Sweeping Day holiday long weekend, but were postponed to yesterday due to weather conditions. Local residents and military enthusiasts gathered outside the base to watch the missile tests, with the first one launching at 9:10am. The Land Sword II system, which is derived from the Sky Sword II (天劍二) series, was turned