Nmedia - Fotolia

LogMeIn resets user passwords lifted from LinkedIn, Tumblr and MySpace hack data dumps

Remote device management supplier acts after discovering reused customer account credentials in data breach dumps from LinkedIn, Tumblr and MySpace

LogMeIn has set about resetting the account passwords of customers who may feature on lists of stolen user login details, lifted during past attacks on a number of high-profile social networks.

The remote device management said it cross-checked the log-in credentials of its user base against lists containing “hundreds of millions” of passwords stolen during past data breaches at LinkedIn, Tumblr and MySpace.

In the wake of this activity, it has now taken the precautionary step of resetting the log-in credentials of customers whose password reuse habits may have put them at risk of data theft, the company confirmed in a blog post.

“LogMeIn actively looks for situations where the accounts of our users could be at risk—even if the threat is external to our service,” the blog post stated.

“In this particular case, we identified users who may be at risk because of password reuse. Out of an abundance of caution, we proactively reset those users’ LogMeIn passwords.”

The LinkedIn credentials are thought to originate from the high-profile data breach that blighted the social network in 2012, after the email addresses and passwords of more than 100 million of the site’s users surfaced online in May 2016.

Around the same time, similar data dumps from past breaches at the social networking site MySpace and Yahoo-owned blogging platform Tumblr also emerged, with the former containing details of more than 360 million user accounts.

Read more about data breaches

Computer Weekly contacted LogMeIn for further guidance on how many customer accounts were affected by this issue, but was still awaiting a response at the time of publication.

LogMeIn competitor GoToMyPC has also moved to embark on a similar password reset exercise, after suffering a “sophisticated attack”.

In a security alert, dated 19 June 2016, the company said users will need to reset their passwords to use its remote PC access services, before advising them to adopt two-step verification tools to protect their accounts in future.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Security policy and user awareness

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Hi! it was big problem for me, i change logmein to LiteManager remote access software it is help me
Cancel
1, Thanks, LogMeIn, for helping keep me safe. I really do appreciate that.

2. Who gave you permission to go rooting through my private passwords? I suppose I did, somewhere on page 17 of your TOS, but still....

3. Security is far more complex than we ever imagined. 
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close