June: LinkedIn password breach affects 6.46 million users
A Russian forum user claimed to have downloaded 6.46 million passwords belonging to LinkedIn users, though the stolen passwords were cryptographically hashed. However, many of those passwords weren't salted, meaning it was relatively easy to convert the simpler passwords into a readable format.
LinkedIn confirmed the data breach shortly afterward but did not explain how the passwords were accessed. Affected accounts were disabled and password reset emails were sent out. The later cleanup effort cost the professional social networking company around $1 million, with another $2-3 million going to forensic work and security upgrades.
Password breach hits 1.5 million eHarmony users
Only a few days after the LinkedIn breach, dating Web site eHarmony was hit with a similar attack that led to the exposure of 1.5 million hashed passwords. The firm's security practices were not as strong. Its systems stored each user's password in upper-case characters only, even though some users had chosen mixed-case passwords, further weakening the system.
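To make the two weaknesses described above concrete (unsalted hashes and upper-case-only storage), here is an added illustration, not code from LinkedIn, eHarmony or the original article. SHA-1 stands in for a fast unsalted hash because the article does not name the algorithm; the account names, passwords and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example

def weak_store(password: str) -> str:
    """'Before' scheme: fold to upper case, then a fast unsalted hash."""
    return hashlib.sha1(password.upper().encode()).hexdigest()

def hardened_store(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt, slow KDF, original case preserved."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def hardened_verify(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def shared_digest_accounts(records: dict) -> int:
    """Count accounts whose stored value is identical to another account's."""
    counts = Counter(records.values())
    return sum(1 for value in records.values() if counts[value] > 1)

def keyspace_ratio(length: int) -> float:
    """How many times larger the 62-symbol space (a-z, A-Z, 0-9) is than the
    36-symbol space left after upper-casing, for a given password length."""
    return 62 ** length / 36 ** length

# Constructed sample accounts, not data from any breach.
USERS = {"alice": "Summer2012", "bob": "summer2012",
         "carol": "SUMMER2012", "dave": "Winter2011"}
WEAK = {user: weak_store(pw) for user, pw in USERS.items()}
HARDENED = {user: hardened_store(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("accounts sharing a stored value, weak:", shared_digest_accounts(WEAK))
    print("accounts sharing a stored value, hardened:", shared_digest_accounts(HARDENED))
    print("keyspace shrink for 8 characters: %.1fx" % keyspace_ratio(8))
```

In the weak scheme three of the four accounts end up with the same stored value, so recovering one recovers all three; with a per-user salt every stored value is unique even when the passwords match.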
Last.fm next in line to suffer massive password breach
Next in line to suffer a security breach in June was Last.fm, after claims of a similar attack on the online music social network. (ZDNet and Last.fm are both owned by CBS.)
It quickly became apparent that the incidents were linked, and they led to further widespread criticism of the password encryption standards and security features offered by Web services. In the aftermath, many Web sites and services bolstered their security to prevent such breaches from occurring again.