In what should be old news by now, back in June, LinkedIn’s servers were breached, leaking around 6.5 million user names and passwords. Hackers were then able to determine (for the most part) what passwords were associated with the hashes and accounts. While this may have compromised LinkedIn accounts, the greater problem is with any other accounts that happen to use the same username and password.
In my case, the only such pair was LinkedIn and Stamps.com, which was a bit sloppy on my part, but since I’m not in the habit of re-using passwords at all, it hadn’t occurred to me, nor had it occurred to me that this would present a problem until somebody managed to send an express package from the Ukraine, charging my account for it, to the tune of $60 or so.
While I’m kicking myself for this, it could have been a lot worse if I had used the same password for email, which would then have allowed hackers to intercept “lost password” requests for all the accounts I have which don’t use the same passwords.
The lesson I take away is that even accounts I consider “unimportant” because they’re not linked to credit cards or can’t be used to make purchases should be given random passwords rather than common, disposable passwords. And, of course, chaining accounts is bad.