Posted on 11 September 2012
Dashlane, a desktop and mobile app which helps you log in to websites, fill out forms and speed through checkout, has launched a new feature which will alert you if one of your web accounts may have been compromised. This addresses a growing need, as hacks at companies like Zappos, LinkedIn, Dropbox and others seem to be making the news every few weeks. With a feature Dashlane is simply calling “Security Breach Alerts,” the idea is to offer users the online equivalent of the phone call from your bank when it’s suspected your credit or debit card may have been stolen. Dashlane thinks that online users should have the same sense of protection.
To be clear, the feature is not an early warning system for individual user accounts (unless the hackers actually post that data), as doing so would require a level of access which a third-party service like Dashlane can’t offer. Instead, the company monitors all security breach news and then identifies which of its users have accounts on the compromised domain. It knows this because one of the key features of its software is its ability to save the username and password you’ve configured with a particular website or service, or help you automatically create a secure one. When alerting users that a company may have just suffered a breach, Dashlane will also recommend that users change their password immediately and help them do so.
The alerts arrive on mobile, via the Dashlane iOS app, or on the desktop, via Dashlane’s downloadable software. The new feature is now available in the most recent updates to the desktop and mobile apps, which also include a few other interface and performance improvements. You can grab either from the Dashlane homepage.



Article courtesy of TechCrunch
Posted on 06 June 2012
Shortly after it was reported that nearly 6.5 million LinkedIn account passwords were leaked onto the net, LinkedIn leapt into action and mounted their own investigation.
Though most of the morning was spent claiming that they could not confirm a security breach, a new announcement on their blog reveals that at least some of those leaked passwords correspond to LinkedIn accounts.
There are still plenty of unanswered questions here, though. The company has yet to offer its official word on just how many users were impacted, how the accounts were compromised, or whether or not the email addresses that correspond with those passwords were also leaked. LinkedIn’s Vicente Silveira was quick to note that the investigation is far from over, and with any luck they’ll discover and disclose those details very soon.
In the meantime, the company notes that users who have already changed their passwords (you already did, right?) or created a new account won’t have to worry, as they have recently begun hashing and salting their current password databases.
In case you’re curious about the sorts of passwords that appear in the sizable password hash dump, the team at FictiveKin have launched a tool called LeakedIn that takes a text input, hashes it with the SHA-1 algorithm, and checks it against the leaked file. So far, the usual suspects like “linkedin” and “password” are among those that have been leaked, though with passwords that weak it’s no surprise they were among the first to be cracked.
@jwherrman poor Sunep. Spelling his name backwards seemed like such an awesome password idea.
—
Ross Neumann (@rossneumann) June 06, 2012
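The kind of lookup LeakedIn is described as performing, and why a per-user salt breaks that single-list lookup, as an added example that is not FictiveKin's or LinkedIn's code. The dump is constructed from the two passwords the article names; PBKDF2-HMAC-SHA256, the 16-byte salt and the iteration count are assumptions, since the article does not say which scheme LinkedIn adopted.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_dump(lines) -> set:
    """Parse a dump with one hex SHA-1 per line, skipping malformed entries."""
    hashes = set()
    for line in lines:
        value = line.strip().lower()
        if len(value) == 40 and all(c in "0123456789abcdef" for c in value):
            hashes.add(value)
    return hashes

def in_dump(password: str, dump: set) -> bool:
    """The lookup the article describes: hash the input, test membership."""
    return sha1_hex(password) in dump

def salted_record(password: str, salt: bytes = None):
    """Per-user random salt plus PBKDF2-HMAC-SHA256 (stand-in scheme)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], digest)

# Constructed sample dump (not real leak data), built from the two passwords
# the article names, plus a blank line and a malformed line.
SAMPLE_DUMP = load_dump(
    [sha1_hex("linkedin").upper(), sha1_hex("password"), "", "not-a-hash"]
)

if __name__ == "__main__":
    print("unsalted lookup hit:", in_dump("linkedin", SAMPLE_DUMP))
    first, second = salted_record("linkedin"), salted_record("linkedin")
    # Same password, different salts: the stored digests no longer match,
    # so one shared list of digests cannot be checked against every account.
    print("salted digests differ:", first[1] != second[1])
    print("salted verify ok:", verify("linkedin", *first))
```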
Here’s the company’s statement regarding what they intend to do for affected users:
We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.



Article courtesy of TechCrunch