SSD Cloud Computing News and Industry Blog

Should LinkedIn Be Held Responsible?

Posted on June 07, 2012
Posted by Gerben Meijer in Industry News

Yesterday, LinkedIn reported that its website had been hacked, resulting in 6.46 million passwords being stolen. After investigating all morning, LinkedIn finally gave a statement via its blog: “We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation…” They will be contacting any users whose passwords were compromised.

If it wasn’t bad enough that their website had been openly hacked, the hacker, to prove his feat, posted a list of all 6,458,020 hashed passwords he stole onto a Russian forum, leaking to the world all of the information LinkedIn had kept private.

This happened because the passwords were protected with a weak technique: unsalted SHA-1 cryptographic hashes. Without a salt, the hashes are easier to reverse using pre-computed rainbow tables (which can be used to recover passwords from unsalted hashes easily).
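To make the weakness concrete, here is an added example (not from the original post and not LinkedIn's code) that stores the same password with unsalted SHA-1 and with a per-user salt plus PBKDF2. The user names, passwords, word list and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def sha1_unsalted(password: str) -> str:
    """Weak scheme described in the article: plain SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Hardened scheme: random per-user salt and a deliberately slow KDF."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_salted(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def precomputed_hits(stored_hex_digests, table) -> int:
    """Count stored digests already covered by a table built in advance."""
    return sum(1 for d in stored_hex_digests if d in table)


# Constructed sample data: two users who chose the same password.
USERS = {"alice": "sunshine2012", "bob": "sunshine2012"}
WORDLIST = ["password1", "sunshine2012", "letmein"]
# Computed once, with no knowledge of any particular site's database.
TABLE = {sha1_unsalted(word) for word in WORDLIST}

if __name__ == "__main__":
    weak = {user: sha1_unsalted(pw) for user, pw in USERS.items()}
    strong = {user: hash_salted(pw) for user, pw in USERS.items()}
    print("unsalted digests identical:", weak["alice"] == weak["bob"])
    print("unsalted covered by table:", precomputed_hits(weak.values(), TABLE))
    salted_hex = [rec["digest"].hex() for rec in strong.values()]
    print("salted digests identical:", salted_hex[0] == salted_hex[1])
    print("salted covered by table:", precomputed_hits(salted_hex, TABLE))
    print("login still verifies:", verify_salted("sunshine2012", strong["alice"]))
```

With a salt, every record needs its own computation, so one pre-computed table no longer covers the whole user base, and the slow KDF raises the cost of each guess.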

As a line of defense, other websites should keep security practices in mind: use firewalls, web application firewalls, audits, up-to-date software, etc. to ensure all users’ data is protected at all times.

Although it is important to feel secure in whichever web app, or app in general, you use, it’s just as important to take every security measure you can to protect your data. Shortly before making their statement, LinkedIn posted a list of ways to protect your password yourself. Their suggestions are below:
 

  Changing Your Password:

  • Never change your password by following a link in an email that you did not request, since those links might be compromised and redirect you to the wrong place.
  • You can change your password from the LinkedIn Settings page.
  • If you don’t remember your password, you can get password help by clicking on the Forgot password? link on the Sign in page.
  • In order for passwords to be effective, you should aim to update your online account passwords every few months or at least once a quarter.

  Creating a Strong Password:

  • Variety – Don’t use the same password on all the sites you visit.
  • Don’t use a word from the dictionary.
  • Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
  • Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
  • Complexity – Randomly add capital letters, punctuation or symbols.
  • Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”).
  • Never give your password to others or write it down.

For more information on LinkedIn’s next step, be sure to check out their blog as well as follow them on Twitter.
