The past couple of days I have received three very important emails.
The first email was a message from Gawker Media stating that my account may have been compromised, and it somewhat downplayed the risk. Ironically, the risk it downplayed was the use of the same password across many/all sites (a very common practice), which was exactly the practice that led to penetration of the Gawker site and ultimately the release of all 1.3 million account details (including mine! :( ), including passwords.
The second was an email from LinkedIn stating that my account may have been compromised. Sound familiar? Well, I figured that someone had decrypted my password and was attempting to use it at another site (it must have failed, I figured, because I sometimes used slight variations). So I began my trek to change my password on every site. It's now a 15-character GRC-generated password consisting of ASCII characters (so !@#$%^&*(), etc. are all possible values).
The third email was also from LinkedIn clarifying the first LinkedIn email. It seems they downloaded and scanned the database of Gawker accounts and checked the email against their own user database. When they found a match, they sent out an email to every email account listed as associated with that user.
As much faith in my fellow programmers as the Gawker hack destroyed, LinkedIn has single-handedly restored it.
Simply amazing.
