Reference: CERT-EU Security Advisory 2012-0070

Title: LinkedIn password hash database leaked [1]

Version history:
07.06.2012 Initial publication

Summary
=======

LinkedIn confirmed [1] that a file containing around 65 million (unsalted) SHA1 password hashes connected to LinkedIn accounts has been publicly posted.

At present, no usernames that can be associated with these hashes have been leaked, so the exploitability of the leaked information is rather limited. However, there is a danger that users included information about their identity in their passwords.

CERT-EU therefore recommends warning your users to change their passwords on LinkedIn, even if LinkedIn has not yet confirmed the closure of the vulnerability that initially led to the leak.

What to tell your users
=======================

We'd like to take the opportunity to remind you to tell your users:

- not to use the same passwords for different services
- not to provide information about their identity in passwords
- not to use their work e-mail addresses to register for non-work-related services

We'll update this advisory if needed.

More information
================

[1] http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

Data Protection: CERT-EU complies with EU Regulation 45/2001 with regards to personal data protection.
Our privacy statement is published here: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
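
One way to enforce the advisory's second and third recommendations at password-change time, as an added example that is not part of the CERT-EU advisory: a check that reports identity fragments (name parts, e-mail local part, employer domain) found in a candidate password. The function names, the substitution table, the minimum token length and the sample account are assumptions made for illustration.

```python
import re

# Character substitutions undone before matching (assumed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_TOKEN_LEN = 4  # assumed threshold; shorter fragments match too much by accident


def identity_tokens(full_name, email, extra=()):
    """Collect lowercase identity fragments for one account.

    Sources: name parts, e-mail local part, domain labels (TLD dropped),
    plus any extra strings the caller supplies (e.g. a staff number).
    """
    local, _, domain = email.lower().partition("@")
    raw = [full_name.lower(), local, *domain.split(".")[:-1],
           *(e.lower() for e in extra)]
    tokens = set()
    for item in raw:
        tokens.update(t for t in re.split(r"[^a-z0-9]+", item)
                      if len(t) >= MIN_TOKEN_LEN)
    return tokens


def identity_leaks(password, full_name, email, extra=()):
    """Return the sorted identity tokens that appear in the password.

    The password is compared in four forms: lowercased, with common
    substitutions undone, and each of those with separators stripped.
    """
    plain = password.lower()
    forms = {plain, plain.translate(LEET)}
    forms |= {re.sub(r"[^a-z0-9]", "", f) for f in forms}
    return sorted(t for t in identity_tokens(full_name, email, extra)
                  if any(t in f for f in forms))


if __name__ == "__main__":
    # Constructed sample account and passwords, not taken from any leak.
    name, mail = "Maria Rossi", "maria.rossi@example-corp.eu"
    for candidate in ("M4r1a.Rossi2012", "Summer@ExampleCorp1",
                      "correct-horse-battery"):
        print(candidate, "->", identity_leaks(candidate, name, mail) or "ok")
```

An empty result means no identity fragment was found; it says nothing about the password's strength or whether it is reused on another service.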