Nmedia - Fotolia

LogMeIn resets user passwords lifted from LinkedIn, Tumblr and MySpace hack data dumps

Remote device management supplier acts after discovering reused customer account credentials in data breach dumps from LinkedIn, Tumblr and MySpace

LogMeIn has set about resetting the account passwords of customers who may feature on lists of stolen user login details, lifted during past attacks on a number of high-profile social networks.

The remote device management said it cross-checked the log-in credentials of its user base against lists containing “hundreds of millions” of passwords stolen during past data breaches at LinkedIn, Tumblr and MySpace.

In the wake of this activity, it has now taken the precautionary step of resetting the log-in credentials of customers whose password reuse habits may have put them at risk of data theft, the company confirmed in a blog post.

“LogMeIn actively looks for situations where the accounts of our users could be at risk—even if the threat is external to our service,” the blog post stated.

“In this particular case, we identified users who may be at risk because of password reuse. Out of an abundance of caution, we proactively reset those users’ LogMeIn passwords.”

The LinkedIn credentials are thought to originate from the high-profile data breach that blighted the social network in 2012, after the email addresses and passwords of more than 100 million of the site’s users surfaced online in May 2016.

Around the same time, similar data dumps from past breaches at the social networking site MySpace and Yahoo-owned blogging platform Tumblr also emerged, with the former containing details of more than 360 million user accounts.

Read more about data breaches

Computer Weekly contacted LogMeIn for further guidance on how many customer accounts were affected by this issue, but was still awaiting a response at the time of publication.

LogMeIn competitor GoToMyPC has also moved to embark on a similar password reset exercise, after suffering a “sophisticated attack”.

In a security alert, dated 19 June 2016, the company said users will need to reset their passwords to use its remote PC access services, before advising them to adopt two-step verification tools to protect their accounts in future.

Read more on Security policy and user awareness