You might have heard that LinkedIn had its password database breached, and news of it is trickling out today. There are a number of write-ups about it in most of the usual places, and Martin McKeay has a post with links to some of the better ones. The reason I’m writing about this is not to alert you, nor that I’m annoyed at having to change another password. Two things really bother me about this. The first is the eerie similarity between this event and the Gawker password breach I wrote about almost exactly eighteen months ago. Both of these events made news because they were leaks of unsalted password hashes. And, although I didn’t write it in my blog post that day, two[…]

I received the following email on Monday morning:

You don’t know me. I’m nobody. My name is Steve. I came across a database dump from Gawker.com earlier this evening. It’s making its rounds around the internet. Besides just the code dump from gawker.com among other sites, it also contains email addresses and passwords for over 1.3 million accounts. I’m sending this email to the 200,000 or so people whose passwords were included, in plain text, in this archive. I have your password. However, I have 0 interest in it. Obviously I’m anonymous so how can you trust me – you can’t. But trust me, if I had interest in your password, I wouldn’t be emailing you saying I have it. That’s just[…]