The December 2022 issue of IEEE Spectrum is here!

Close bar

LinkedIn and eHarmony Hacked: 8 Million Passwords Taken

Expect lots of phishing emails in the coming weeks

2 min read
LinkedIn and eHarmony Hacked: 8 Million Passwords Taken

After initially pleading ignorance, the professional social network LinkedIn confirmed yesterday that it had been hacked and that the encrypted passwords of at least 6.5 million of its 161 million users had been taken.

According to a story at Cnet, a list of 6.5 million passwords allegedly from LinkedIn was uploaded to a Russian hacker server, after which someone claimed on a Russian forum that he was the one who had hacked into LinkedIn and uploaded the information. LinkedIn was contacted about the claim, and soon said that it was unable to confirm that it had been hacked.

However, as word spread about the alleged hack, experts at the security firms Sophos and Rapid7announced that that they had confirmed the uploaded list contained the LinkedIn passwords of some of their colleagues.

 User names are also suspected of being stolen along with the passwords.

Not long afterwards, LinkedIn confirmed that it had indeed been hacked.  According to the story at Cnet:

“LinkedIn encrypted the passwords using the SHA-1 algorithm, but did not use proper obscuring techniques that would have made the password cracking more difficult, said Paul Kocher, president and chief scientist of Cryptography Research. The passwords were obscured using a cryptographic hash function, but the hashes were not unique to each password, a procedure called ‘salting,’  he said. So if a hacker finds a match for a guessed password, the hash used there will be the same for other accounts that use that same password.”

According to this story today at ComputerWorld, some 60 percent of the encrypted passwords have already been cracked and it is likely that the remainder will be shortly. The SHA-1 algorithm has been known to be susceptible to cracking since 2005. Of course, in many cases, LinkedIn users made the job a lot easier by using obvious passwords, such as "linkedin," "password," and "linkedinpassword."

Kocher also was quoted by Cnet as saying that LinkedIn, “did not segregate and manage the (user) data in a way that they would not get compromised.”

LinkedIn for its part has disabled the accounts of those affected, as well as rounded up the usual mea culpas, saying, “We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously.”

In related news, the dating site eHarmony also saw its security breached, possibly by the same hacker.  In this case, some 1.5 million out of 20 million passwords were taken and posted on a Russian hacker website. The passwords were encrypted in a similar way to those at LinkedIn, but it is unclear if a more secure encryption approach was used.

eHarmony similarly “deeply regret any inconvenience this causes any of our users.”

Let's hope that "inconvenience"—like getting lots of phishing email asking you to reset your eHarmony or LinkedIn passwords—is the extent of the suffering.

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less