LinkedIn has yet to respond to PCWorld’s request for comment. LinkedIn responded by saying it sends all data back to its servers via an encrypted connection and never saves any user data. The Next Web recently reported that an opt-in calendar feature in LinkedIn’s Android and iOS mobile apps was sending user data back to LinkedIn servers as plain text. This has been a tough week for LinkedIn and security. You can change your LinkedIn password by following this link and clicking the “change” link next to “Password” just below your profile photo. However, on May 16, 2016, 117 million LinkedIn accounts, reportedly from the 2012 hack, were found to be up for sale on a hacker site. LinkedIn sent a request to known hacked users advising them to change their passwords. Anyone whose password has been exposed is at risk. LinkedIn was breached in 2012 with a reported 6.5 million user accounts compromised. However, since 6.5 million unsalted hashes have been exposed it does not matter how long or difficult to guess your password is, Thorsheim says. Regarding this issue, LinkedIn’s Silveira wrote: “It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.” It’s also unknown if the suspected attackers have user names or other data tying these passwords to actual users. The file may, for example, be an attempt to crowd source the hacking of some of the more difficult passwords. It’s unclear whether the people who leaked the password file have more passwords that have not surfaced online. What’s also troubling security researchers is that the password database contains entirely unique passwords. But that does not appear to be the case with these leaked passwords. Often, random bits–known as salting–are added to a hash so that the output is harder to guess. 
If your password is “LinkedIn1234,” for example, the SHA-1 hex output should always be “abf26a4849e5d97882fcdce5757ae6028281192a.” As you can see, that is problematic since if you know the password is hashed with SHA-1, you can quickly uncover some of the more basic passwords that people commonly use. What’s a Hash? An SHA-1 hash is an algorithm that converts your password into a unique set of numbers and letters. However, doing the same operation for the LinkedIn passwords of two other PCWorld writers yielded no results. And never again use the same password on multiple websites," he said. After hearing Thorsheim’s story and using a copy of the leaked password file, I also found the hash for my own LinkedIn password after running my passphrase through an SHA-1 hash generator. "If you were using the same passwords on other websites - make sure to change them too. He said users should ensure the password you use is not used on any other websites, and hard to crack. However 6. Some of those were mangled, so the real number was a bit lower. That number was actually number of unique unsalted SHA-1 hashes. "Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals," Cluley said in a blog post. As a result, Cluley said, "it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step." One of the fascinating things about the breach back in 2012 is that 6.5 million compromised accounts became the official number of compromised users. Graham Cluley of the British security firm Sophos said the posting "does contain, at least in part, LinkedIn passwords." Several security researchers reported the breach posted on a Russian hacker forum. Stay tuned for more," the company said in a Twitter message. "Our team is currently looking into reports of stolen passwords. 
The settlement agreement falls within the range of possible. (Washington, USA) - The professional social network LinkedIn said Wednesday it was probing a possible data breach after reports said more than 6.4 million passwords were stolen. A LinkedIn proposed $1.25 million class action settlement was granted preliminary approval by a California federal judge over a 2012 data breach, in which customers alleged that they were deceived about the data protection policies held by the professional networking website.