Ask HN: LinkedIn made me reset my password (my email was in the Gawker dump)
I suspect LinkedIn is checking email addresses against the hacked Gawker data and forcing any matching accounts to reset their password. Here's an except of the email they sent me:
In order to ensure that you continue to have the best experience using
LinkedIn, we are constantly monitoring our site to make sure your account information is safe.
We have recently disabled your account for security reasons.
Is this happening to anyone else? for other sites?
23 comments
[ 3.5 ms ] story [ 51.6 ms ] threadProactive security response.
---
In order to ensure that you continue to have the best experience using LinkedIn, we are constantly monitoring our site to make sure your account information is safe.
We have recently disabled your account for security reasons. To reset your password, follow these quick steps:
Go to the LinkedIn website Click on "Sign In" Click on "Forgot Password?" and follow the directions on the website
"As a proactive security measure, we've reached out to users potentially affected by the gawker breach to change their password."
http://twitter.com/#!/LinkedIn/status/14507486753062913
Fortunately I wasn't emailed by hint.io. I know they meant well, but it feels shady, considering they headed off other people working to accomplish similar goals (presumably without sending from their startup's domain)[1]
http://news.ycombinator.com/item?id=1999410
I also got the email from hint.io, but it was marked as spam by GMail.
I was really glad when I found out about the incident that I used a throwaway password that wasn't the same as my GMail. I've been keeping track of more of my passwords with KeepassX, although I still use the same somewhat secure password on sites where it doesn't matter.
As a side note: I'm trying to brute force/crack my hash to test how secure my password is. I'm using John the Ripper with the command line:
So far, I'm 17 hours in at about 600000 c/s and it still hasn't been cracked, so I feel somewhat secure about it, although I realize DES is considered insecure.hxxp://www.linkedin.com.qwe0923fffuuu.biz/ or similar?
If I was a phisher, I would have sent such things to all leaked emails...
Greetings!
We’ve recently been informed that several Gawker Media websites have been compromised. These websites include Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, Deadspin, and Fleshbot. To help minimize the effects of this compromise and help keep your Battle.net account safe and secure, we’ve reset your account password. To complete the password reset, please log into Battle.net Account Management (https://us.battle.net/account/management) and follow the provided instructions.
If you are a registered commenter for any of these sites and used your Battle.net email address to sign up with Gawker Media, we also recommend that you update your Battle.net address as soon as possible via Account Management. If you are unable to complete this step or the password reset on your own and believe your account may be compromised, please contact our customer support staff by using the Account Recovery form (https://us.battle.net/account/support/account-recovery.html) and be sure to check out our Account Security Awareness guide (http://us.battle.net/en/security/) for additional security tips and suggestions.
For more information about this situation, please visit Gawker Media’s official announcement (http://gawker.com/5713056/gawker-security-breach-were-here-t...) or Lifehacker’s comprehensive FAQ (http://lifehacker.com/5712785/faq-compromised-commenting-acc...).
Regards, Blizzard Entertainment
But yeah, I'm sure for the majority of users this makes sense.