Information Security Bulletin
Issue #2012-04
Raising awareness of information security related issues and concerns.

Stolen Username/passwords (June 2012)

Thieves are working overtime and stealing files with usernames and passwords from large social-networking sites. Some of the recent major breaches are listed below, but this is not an exhaustive list. If you have accounts with any of the sites listed below, you will want to take appropriate action, including changing the password immediately. If you used the same password in multiple places, change the password on those sites too.

Be alert! Spammers are already sending out emails trying to trick people into clicking a link that takes them to a look-alike site. Use the links below, or go directly to the site if you have it bookmarked.

Whether the website requires it or not, we strongly recommend that, whenever possible, your passwords be a minimum of 8 characters in length (12 is better) and include numbers, special characters and a combination of upper and lower case.

Recent breaches include:

LinkedIn - a professional social networking site with approximately 161 million members and 2 million companies. The theft occurred in June 2012. If you have a LinkedIn account, instructions on changing your password can be found at:
http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/
If you do not have an account, no action is required.

eHarmony - a popular online dating service with over 20 million registered users. The theft occurred in June 2012. If you have an eHarmony account, instructions on changing your password can be found at:
http://help-singles.eharmony.com/app/answers/detail/a_id/559/related/1/session/L2F2LzEvdGltZS8xMzM5MTY2NjIwL3NpZC9GTTRFZzktaw%3D%3D
If you do not have an account, no action is required.

Last.fm - a popular music website currently owned by CBS Interactive with approximately 30 million users. Some security researchers believe this breach began over a year ago and that the majority of the passwords have been cracked. If you have a Last.fm account, instructions on changing your password can be found at:
http://www.last.fm/passwordsecurity

Zappos - a popular online shoe and clothing store owned by Amazon with approximately 24 million users. Zappos has already reset and expired passwords after their breach earlier this year.
http://www.zappos.com/passwordchange?zlfid=2
Zappos has also re-opened their customer service phone lines at 1-800-927-7671.

For further reading about maintaining quality passwords, we recommend:
• Password Protection: How to Create Strong Passwords
  http://www.pcmag.com/article2/0,2817,2368484,00.asp
• Microsoft’s Safety & Security Center
  http://www.microsoft.com/security/online-privacy/passwords-create.aspx

If you are still using an EP-birthdate (EP-mmddyy) style of password, please change it to something that does not begin with EP-. If you are already using a strong password, thank you; no additional action concerning your college accounts is necessary.

Information Security Team:
Cheryl Bowman, Information Security Risk Advisor, 831-6574, cbowman@epcc.edu
Richard Becker, Security Analyst, 831-6411, rbecker3@epcc.edu
Richard Buller, Chief Information Security Officer, 831-6312, rbuller@epcc.edu

The El Paso County Community College District does not discriminate on the basis of race, color, national origin, religion, gender, age, disability, veteran status, sexual orientation, or gender identity.