Ask HN: LinkedIn made me reset my password (my email was in the Gawker dump)

I appreciated that. I also appreciated them being vague about the reasoning. No need to call Gawker out.<p>Fortunately I wasn't emailed by hint.io. I know they meant well, but it feels shady, considering they headed off other people working to accomplish similar goals (presumably without sending from their startup's domain)[1]<p><a href="http://news.ycombinator.com/item?id=1999410" rel="nofollow">http://news.ycombinator.com/item?id=1999410</a>

That is exactly what they're doing:<p>"As a proactive security measure, we've reached out to users potentially affected by the gawker breach to change their password."<p><a href="http://twitter.com/#!/LinkedIn/status/14507486753062913" rel="nofollow">http://twitter.com/#!/LinkedIn/status/14507486753062913</a>

I got the following email from Blizzard as well as the one you mentioned from LinkedIn:<p>Greetings!<p>We’ve recently been informed that several Gawker Media websites have been compromised. These websites include Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, Deadspin, and Fleshbot. To help minimize the effects of this compromise and help keep your Battle.net account safe and secure, we’ve reset your account password. To complete the password reset, please log into Battle.net Account Management (<a href="https://us.battle.net/account/management" rel="nofollow">https://us.battle.net/account/management</a>) and follow the provided instructions.<p>If you are a registered commenter for any of these sites and used your Battle.net email address to sign up with Gawker Media, we also recommend that you update your Battle.net address as soon as possible via Account Management. If you are unable to complete this step or the password reset on your own and believe your account may be compromised, please contact our customer support staff by using the Account Recovery form (<a href="https://us.battle.net/account/support/account-recovery.html" rel="nofollow">https://us.battle.net/account/support/account-recovery.html</a>) and be sure to check out our Account Security Awareness guide (<a href="http://us.battle.net/en/security/" rel="nofollow">http://us.battle.net/en/security/</a>) for additional security tips and suggestions.<p>For more information about this situation, please visit Gawker Media’s official announcement (<a href="http://gawker.com/5713056/gawker-security-breach-were-here-to-help" rel="nofollow">http://gawker.com/5713056/gawker-security-breach-were-here-t...</a>) or Lifehacker’s comprehensive FAQ (<a href="http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media" rel="nofollow">http://lifehacker.com/5712785/faq-compromised-commenting-acc...</a>).<p>Regards, Blizzard Entertainment

Kudos to linkedin if that's what they are doing.<p>Proactive security response.

I also got this email. I suspected it due to the Gawker incident, although I wasn't sure. I wish they had been a little bit more specific.<p>I also got the email from hint.io, but it was marked as spam by GMail.<p>I was really glad when I found out about the incident that I used a throwaway password that wasn't the same as my GMail. I've been keeping track of more of my passwords with KeepassX, although I still use the same somewhat secure password on sites where it doesn't matter.<p>As a side note: I'm trying to brute force/crack my hash to test how secure my password is. I'm using John the Ripper with the command line:<p><pre><code> john -session:testing -incremental test.txt </code></pre> So far, I'm 17 hours in at about 600000 c/s and it still hasn't been cracked, so I feel somewhat secure about it, although I realize DES is considered insecure.

Me too. So far today I've been locked out of GMail, LinkedIn and Twitter. I thought it might be due to failed login attempts with a bad password, but it sounds like it's all just proactive lockouts based on being in the file.

Yes. This happened to me too. And my e-mail was in the Gawker dump too. In fact I changed passwords of all my online accounts and completely forgot about LinkedIn. But I appreciate them doing this.

And the "LinkedIn website" link was not like that?<p>hxxp://www.linkedin.com.qwe0923fffuuu.biz/ or similar?<p>If I was a phisher, I would have sent such things to all leaked emails...

Maybe it's a phishing attempt? Be careful!

So I give kudos to linkedin for being proactive, but I actually do create a different password for every site (stored in Password Safe/LastPass), so I'm not looking forward to having to change all my passwords for no reason.<p>But yeah, I'm sure for the majority of users this makes sense.

Makes me feel better. I was "pretty sure" that i had only used Twitter OAuth to comment, and have been unable to confirm that. I haven't received an email from hint.io or a reset from LinkedIn so a little safer.

That's fine if that's their reasoning, but I got 4 or 5 emails to the same effect. None of which really explained WHY I was being prompted so many times, so I dismissed them all as spam/phishing.

I had the same email from linked in this morning but became suspicious because yesterday, I was locked out of both my gmail and twitter accounts. Guess I'll be staying tuned.

My email wasn't in the Gawker dump and yet both my LinkedIn accounts got emails telling me to reset the password

Happened to me too. I'm glad it was a proactive measure and not some script kiddy trying to access my account.

I noticed I was locked out of Twitter today too

Nice, hopefully more sites will do this.

I'm impressed.