Passwords leaked - LinkedIn, eHarmony, Last.fm

Recently many password databases have been compromised and released publicly. LinkedIn, Last.fm, and eHarmony. If you are a user of any of these services your password may have been one of those leaked.

How do I tell if my account was compromised?

Lastpass, a service I recommend for password and account security, has put together a page for each of the breaches wherein you can submit your password and it will tell you if your password is in the publicly available lists. This is done in a secure manner, Lastpass never gets your unencrypted password, but rather compares your hashed input to the hashes publicly available. For those of you who don’t know what a hash is, just think encrypted.

Was My LinkedIn Password Hacked?
Was My eHarmony Password Hacked?
Was My Last.fm Password Hacked?

What now?

Even if the above pages say you are not compromised, now would be a good time to make sure you are using unique, secure and new passwords on those sites. I also suggest that you take this chance to start using a password vault, Lastpass and KeePass are good ones I’ve used in the past.

How do I keep this from affecting me in the future?

Always use different passwords for different sites. This limits the damage that can be done when any particular service is compromised. Imagine that you used the same login for your email account as your LinkedIn account and that information got out. Not only would you lose your LinkedIn account but potentially your email as well. Also remember that most accounts have a “forgot your password?” link that just email you password reset instructions. An attacker using those links can have access to any account you have ever had.

You can read more password recommendations in previous posts, specifically Password Best Practices Part 1 and Password Best Practices Part 2.

0 notes