News broke yesterday that attackers managed to get their hands on about 6.5 million LinkedIn password hashes after a successful security breach. LinkedIn reacted quickly and disabled the affected user account passwords on their sites, communicating with affected users to get the issue resolved as quickly as possible.
It appears however that LinkedIn has not been the only target of attacks in recent times. Dating site eHarmony confirmed that "a small fraction" of user account information had been compromised, and that all affected user account passwords had been reset as a precautionary method.
Members affected by the breach will receive email instructions on how to reset the passwords. Users obviously should make sure that they have not used the password anywhere else on the Internet to avoid the compromising of those accounts by the attackers.
Since you can't log in if your account has been affected as the password has been reset, you need to visit the website and request a new password on this page: http://www.eharmony.com/login/
Last.fm, the popular music website, has also posted an advisory on their website confirming that the site too has discovered a breach and the leaking of user passwords. The information provided by Last.fm are scarce at this point in time. The company is not revealing how many users have been affected or when they first became aware of the breach. Users who log in to the service see the security announcement after log in.
Unlike eHarmony and LinkedIn, passwords have not been reset yet. Since we do not know the reach of the breach, it is highly suggested that all Last.fm users log in to the service right away and change their passwords there.
- Log in to Last.fm here: https://www.last.fm/login
- If your Last.fm login is not accepted, try reseting the password here: https://www.last.fm/settings/lostpassword/
- Once you are logged in, click on the settings page to reset your password there. A click on the arrow next to the username and the selection of Settings gets you there. Here you switch to password, and enter your current password and the new password that you want to use.
It is highly suggested to select a secure password to make the decryption of the password difficulty to near impossible in a reasonable amount of time.
Have you been affected by any of the password breaches today? If so, what have you done as a reaction?