posted Dec 14, 2010, 3:11 PM by Lewis Baumstark
Recently, the Gawker family of websites was hacked by someone claiming affiliation with Anonymous, the distributed hacking/activist network.
I was possibly affected, since I have an account with Consumerist, which is part of Gawker (or at least used to be?), and because of that I got an email from Gawker suggesting I change my password, which I did. I had forgotten about that account and had yet to create an entry for it in my KeePass keyring, which means I likely had one of my older, replicated-across-many-sites passwords set for that account. Fortunately, I have set unique passwords at most sites by now, so any damage to me should be minimal. My new Consumerist password is unique now, so even if it is compromised again, any damage is contained just to that site; a hacker could not use it to log in as me on another site.
What's interesting is an email I just received from LinkedIn:
We recently sent you a message stating that your LinkedIn password had been
disabled for security reasons. (Note: If you have more than one email registered
with us, you will receive more than one password reset message. You only need to
act on one of them.)
This was in response to a security breach on a different site, Gawker.com, where
a number of usernames and passwords were exposed. We want to make sure those
leaked emails and passwords were not being used to attack any LinkedIn members.
There is no indication that your LinkedIn account has been affected, but since
it shares an email with the compromised Gawker accounts, we decided to ensure
its safety by asking you to reset its password.
If you haven't done that already, now is a good time to follow these steps:
1. Go to the LinkedIn website.
2. Click on "Sign In".
3. Click on "Forgot Password?" and follow the directions on the website.
Please keep in mind that the best defense against these types of attacks is to
have unique passwords for each site you use. You can always search our support
site and our blog for more security tips.
We apologize for the inconvenience, but we feel this action is in your best
interest. Thanks for your immediate attention to our request.
LinkedIn Privacy Team
Note LinkedIn's chain-of-thought here:
- Gawker was compromised, exposing its users' passwords
- LinkedIn and Gawker probably have users in common
- Some (or many!) of those "in common" users will use the same password for both LinkedIn and Gawker
- To be on the safe side, LinkedIn is mandating all users change their password
It's probably a bit of overkill, but kudos to LinkedIn for playing it safe.
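The reasoning in the list above can be written as a defender-side triage. The following is an added example, not LinkedIn's actual procedure and not code from the original post: it compares the blanket "shares an email with the breach" reset against a narrower check that tests each leaked password against the site's own salted hash. All names, the hashing parameters and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt):
    """Salted, slow hash standing in for the site's own password storage."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(email, password):
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt)}


def normalize(email):
    # Addresses are compared case-insensitively so "Bob@" and "bob@" match.
    return email.strip().lower()


def triage(users, leaked):
    """Return (shares_email, reuses_password) lists of our account emails.

    users:  our own account records (salt + hash only, no plaintext)
    leaked: (email, password) pairs exposed by the breach at the other site
    """
    by_email = {}
    for email, password in leaked:
        by_email.setdefault(normalize(email), []).append(password)

    shares_email, reuses_password = [], []
    for user in users:
        candidates = by_email.get(normalize(user["email"]))
        if candidates is None:
            continue  # address not in the dump: no action needed
        shares_email.append(user["email"])  # the blanket-reset population
        # Narrower check: does a leaked password actually open this account?
        if any(hmac.compare_digest(hash_password(p, user["salt"]), user["hash"])
               for p in candidates):
            reuses_password.append(user["email"])
    return shares_email, reuses_password


# Constructed sample data: three of our accounts, three leaked pairs.
USERS = [make_user("alice@example.com", "unique-here"),
         make_user("Bob@Example.com", "hunter2"),
         make_user("carol@example.com", "another-unique")]
LEAKED = [("alice@example.com", "old-shared-pw"),
          ("bob@example.com", "hunter2"),
          ("dave@example.com", "whatever")]
```

When a dump holds only hashed passwords, the second check is unavailable and the email overlap is all a site has to act on, which is the case for resetting everyone in the first list.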