password

LinkedIn hit with $5M lawsuit over lost passwords

An Illinois woman is leading the charge against LinkedIn in a $5 million class-action lawsuit that alleges the social network failed to protect its members' data.

The suit is a result of the recent security breach in which hackers stole thousands of passwords. The passwords ended up on a site accessible to the public.

Katie Szpyrka, a registered LinkedIn account holder since 2010, filed suit last week in the U.S. District Court in the Northern District of California, claiming LinkedIn violated its own privacy policies and user agreements by not following industry, ZDNet reported today.

LinkedIn spokeswoman Erin O'… Read more

Facebook wants users' cell numbers in bid to bolster security

In the wake of a rash of password leaks, Facebook wants to educate its members about how to make their accounts more secure and is asking for users' cell phone numbers as part of that effort.

The social network has begun adding a message at the top of every member's news feed that suggests they "Stay in control of your account by following these simple security tips." The message includes a link to Facebook's security page, where users are tutored on how to identify a scam and choose a unique password, and are asked to provide … Read more

How long ago did the Last.fm security breach happen?

Last.fm's security breach that left user passwords open on a Russian hacker site last week might have shown its ugly face months ago, according to a new report.

Back in May, several Last.fm users took to the company's forums, saying that they had been receiving massive amounts of spam on e-mail addresses they created solely for Last.fm. Soon after, Last.fm customer support manager Matt Knapman said that his company was "investigating this matter urgently, running a security audit, and looking at alternative ways the spamming of Last.fm users might have occurred."… Read more

LinkedIn posts update on password leaks

LinkedIn has posted an update on what it's doing to protect its members following the appearance, earlier this week, of millions of member passwords online.

"First," the post says, "it's important to know that compromised passwords were not published with corresponding e-mail logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e., encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information … Read more

eHarmony says no other info stolen following password hack

After confirming that member passwords were comprised, eHarmony said today it is continuing to investigate the incident, but it appears no other information was taken.

"While our investigation is ongoing, we have not found any indication that other information was accessed, nor have we received any reports of unauthorized log-ins to member accounts," eHarmony spokeswoman Becky Teraoka wrote in a blog post. "We have also been working with law enforcement authorities in our investigation and have been in touch with one of the other companies affected as well."

The blog post doesn't give specific numbers … Read more

What the password leaks mean to you (FAQ)

Three companies have warned users in the last 24 hours that their customers' passwords appear to be floating around on the Internet, including on a Russian forum where hackers boasted about cracking them. I suspect more companies will follow suit.

Curious about what this all means to you? Read on.

What exactly happened? Earlier this week a file containing what looked like 6.5 million passwords and another with 1.5 million passwords was discovered on a Russian hacker forum on InsidePro.com, which offers password-cracking tools. Someone using the handle "dwdm" had posted the original list and … Read more

LinkedIn working with police on password leak

LinkedIn said today that it has contacted police about the compromise of its users' passwords that hackers were actively cracking earlier this week.

"Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published," Vicente Silveira, a director at the professional social-networking site, wrote in a blog post. "We are also actively working with law enforcement, which is investigating this matter."

The … Read more

View Firefox passwords with PasswordFox

NirSoft's PasswordFox is a free tool that extracts and displays the passwords stored in your Mozilla Firefox profile or any other user's profile. It displays each password's Record Index, Web Site, User Name, User Name Field, and other data. It also creates HTML-based reports that you can save or print. PasswordFox works in both 32-bit and 64-bit versions of Windows.

PasswordFox is portable freeware that runs without needing to be installed. When you first open the program, it automatically detects your main Firefox user profile and displays the data under headings that can be customized by clicking … Read more

Virgin Mobile's no-contract iPhone brings savings -- at a cost

It's time to pony up for prepaid iPhones, avoid password scams and drop that mayor obsession:

The iPhone is coming to Virgin Mobile at the end of June. But you'll have to drop a hefty $650 to get the iPhone 4S, since there's no two-year contract. Plans start at $30 a month. It's cheaper in the long run to go prepaid with this plan instead of spending $200 upfront and paying for a more expensive monthly bill for two years (but you'll be limited with talk minutes). Virgin is on the Sprint network.

If Android … Read more

The 404 1,069: Where we say goodnight to the bad guy (podcast)

The dating Web site eHarmony got hit by the same group that released a list of LinkedIn member passwords yesterday, so be sure to change your passwords for both if you have accounts.

Buzzfeed also parsed through the list of leaked passwords to reveal some pretty depressing sentiments from employees. While many accounts used overly simplistic passwords like "LinkedIn" or "password1," some of the more disturbing pass phrases include things like "suicide," "solonely," "iwishiwasdead," and "divorce." They're still not very strong in terms of security, so be sure to add a special character or a number during the bleak changeover.… Read more