As explained in this AP story, "Business social network LinkedIn and online dating service eHarmony said Wednesday that some of their users’ passwords were stolen and millions appear to have been leaked onto the Internet."
I work for a large employer, and our IT director just emailed the entire community saying (1) if we have accounts with LinkedIn or eHarmony, we should immediately change our passwords; and (2) if we use the same password for other online sites or services, we should change those passwords too.
Questions: (1) Have there been serious adverse consequences from similar past leaks of online passwords and other private information? (2) What policies would tend to prevent similar future leaks? (3) What policies or actions tend to mitigate the adverse consequences of these types of leaks once they have occurred?
Comments