Monday, 11 June 2012

All your passwords are belong to us

Are you a professionally-savvy gamer looking for a date? Well, turn down the internet radio and listen up because your passwords are probably compromised.

Over the last few weeks, we’ve seen an unprecedented number of passwords leaked. Here’s a rundown of what’s been happening, site by site.


LinkedIn
Over 6 million hashed passwords were published last week on a Russian forum site. Many experts are speculating that the list may actually be substantially larger and that many simple passwords that were quickly cracked have been left off. Despite many members reporting that they had identified their own password on the list, the company really took their time in confirming the authenticity of the list.

Over the weekend, LinkedIn posted an update on their blog.

First, it’s important to know that compromised passwords were not published with corresponding email logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves.

League of Legends
Riot Games, publisher of the popular real-time-strategy game League of Legends, announced Saturday that player information and hashed passwords in two of their three servers (EU West and EU Nordic & East) had been accessed by hackers.

The company’s blog reports that the stolen information included hashed passwords, players’ first and last names, home addresses, security questions and answers, and email addresses.

The popular internet radio site had about 1.5 million hashed passwords leaked to a password cracking forum last week. But here’s the best part – while the hacked list was only published last week, a story is developing that the actual security breach happened months ago.
In May, users took to the company’s forums, reporting that they were receiving unprecedented levels of spam.  In response, the company ran a security audit and said that no breach was detected.

However, reddit user mingaminga is now claiming that the password list is 17 million strong and was privately discussed at hacker convention DEFCON 2011, which took place in August of last year. The company says they have not yet identified the security vulnerability that led to the leak.


eHarmony
Details are murky with the eHarmony password breach, but it looks like about 1.5 million passwords were leaked online. According to the company’s blog, all members using one of the exposed passwords will be prompted to change it.

eHarmony last updated members on June 7th and said they do not believe any information other than passwords has been compromised.
