The Gawker Hack Ripple Hits LinkedIn
Gawker Media is still cleaning up the mess left by a hacker attack this weekend, but now other sites have their own work to do. That’s because Gawker commenters who had their logins and passwords exposed may have used the same combinations on other sites, creating more headaches.
Example 1: Twitter saw a rash of promotional tweets for a bogus berry weight-loss product, the result of a security breach thought to be connected to the Gawker break-in.
Example 2: LinkedIn has temporarily disabled the accounts of any users whose email addresses turned up in the public database of hacked accounts. It’s asking those users to reset their passwords.
LinkedIn PR guy Hani Durzy says the move, which started yesterday afternoon, has only affected a “small fraction” of LinkedIn’s 85 million members. He says the social network made the decision proactively, not because it had any evidence that any accounts had been misused; LinkedIn now has a blog post on the topic.
Some context/math: Gawker has said it has had to notify users of 1.5 million email addresses to change their passwords following the break-in.
If, for argument’s sake, half of those emails belonged to LinkedIn users, that would be less than one percent of the company’s user base. And likely much less: For some reason I have two emails connected to my single LinkedIn account. And both were exposed during Gawkergate, so I got two emails this morning.
No real debacles so far, but that doesn’t mean we won’t see them. Who’s next?