Gawker and LinkedIn
Post date: Dec 14, 2010 11:11:35 PM
I was possibly affected, since I have an account with Consumerist, which is part of Gawker (or at least used to be?) and because of that I got an email from Gawker suggesting I change my password, which I did. I had forgotten about that account and had yet to create an entry for it in my KeePass keyring, which means I likely had one of my older, replicated-across-many-sites passwords set for that account. Fortunately I have set unique passwords at most sites by now so any damage to me should be minimal. My new
Gawker Consumerist password is unique now, so even if it is compromised again, any damage is contained just to that site; a hacker could not use it to log in as me on another site.
What's interesting is an email I just received from LinkedIn:
LinkedIn Notification Dear Lewis, We recently sent you a message stating that your LinkedIn password had been disabled for security reasons. (Note: If you have more than one email registered with us, you will receive more than one password reset message. You only need to act on one of them.) This was in response to a security breach on a different site, Gawker.com, where a number of usernames and passwords were exposed. We want to make sure those leaked emails and passwords were not being used to attack any LinkedIn members. There is no indication that your LinkedIn account has been affected, but since it shares an email with the compromised Gawker accounts, we decided to ensure its safety by asking you to reset its password. If you haven't done that already, now is a good time to follow these steps: 1. Go to the LinkedIn website. 2. Click on "Sign In". 3. Click on "Forgot Password?" and follow the directions on the website. Please keep in mind that the best defense against these types of attacks is to have unique passwords for each site you use. You can always search our support site and our blog for more security tips. We apologize for the inconvenience, but we feel this action is in your best interest. Thanks for your immediate attention to our request. Sincerely, LinkedIn Privacy Team
Note LinkedIn's chain-of-thought here:
- Gawker was compromised, exposing its users' passwords
- LinkedIn and Gawker probably have users in common
- Some (or many!) of those "in common" users will use the same password for both LinkedIn and Gawker
- To be on the safe side, LinkedIn is mandating all users change their password
It's probably a bit of overkill, but kudos to LinkedIn for playing it safe.