
LinkedIn investigates 'theft' of 6.5 million passwords

June 6 2012 at 10:20 PM
Jake Rialto  (Login jrialto)

 
LinkedIn investigates 'theft' of 6.5 million passwords

LinkedIn, the professional networking website, is investigating claims that 6.5 million of its users' passwords have been stolen and published on a Russian computer hacking forum.

According to security experts the passwords are circulating in the form of a cryptographic “hash”, which converts text into a seemingly random string of numbers and letters using a mathematical formula.

It means anyone wishing to use the hashed passwords would need some technical expertise and time to recover their original characters.

When he posted the passwords online on Tuesday, a hacker with the username "dwdm", appealed for help from fellow hackers to crack the hashes and access the original passwords. By Wednesday morning they claimed to have revealed hundreds of thousands.

LinkedIn users were warned by some experts to change their passwords as soon as possible as a precaution.

http://www.telegraph.co.uk/technology/news/9314332/LinkedIn-investigates-theft-of-6.5-million-passwords.html

 

Coalde
(Login cwc.mgmt)
Forum Owner

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 7 2012, 12:08 AM 

Read about this in the afternoon, have already changed my LinkedIn password.

Ironically (I suppose) I was at an RSA training session on NetWitness and enVision (and Archer to a lesser extent) today...




 
 
Sheogorath
(Login Sheogorath)
CWC Member

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 7 2012, 2:22 PM 

Thanks for sharing.



 
 

Coalde
(Login cwc.mgmt)
Forum Owner

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 8 2012, 11:15 AM 

So how many of you have gone in and changed your LinkedIn password?

By the way JR, thanks for posting this, it is very hard to stay on top of all the data breaches that occur on a weekly basis.




 
 
Anonymous
(Login jrialto)

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 8 2012, 1:00 PM 

I didn't change mine tbh.

I change passwords for sites every three months.

It's long and complex enough to withstand brute forcing, and rainbow tables of over eight characters with 96 combinations are not in general circulation.

By the time they do get it, it will have deprecated and been replaced. And that's the whole point of passwords. Keep them out until the information is useless or until the authentication credential has changed. And then their efforts must begin again.

If a government agency wants to crack my LinkedIn password, they're welcome. I don't use this password on any business system.

On the other hand, there are people who use a common password across all systems.

There is a bumper crop of low-, medium- and high-level people in business and government in there.
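
An added illustration, not part of the post above or of the quoted articles: it shows why precomputed (rainbow) tables only pay off against fast, unsalted hashes, and how large the table's keyspace is at the 96-symbol figure the post cites. The page does not name the hash function in the leak, so SHA-256 stands in for any fast unsalted hash; the function names, the iteration count and the sample passwords are constructed for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def fast_unsalted(password: str) -> bytes:
    """Fast hash, no salt: equal passwords always store equal digests."""
    return hashlib.sha256(password.encode()).digest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus slow PBKDF2: returns (salt, key)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    trial = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(trial, key)


def distinct_stored(passwords: list[str], salted: bool) -> int:
    """How many different stored values a dump of these accounts contains."""
    if salted:
        return len({salted_record(p) for p in passwords})
    return len({fast_unsalted(p) for p in passwords})


def keyspace(length: int, charset: int = 96) -> int:
    """Candidates a precomputed table must cover for one exact length."""
    return charset ** length


# Constructed sample: four accounts, two of them sharing a password.
SAMPLE = ["Tr0ub4dor&3", "correct horse", "Tr0ub4dor&3", "x9$Lq!7vB2"]

if __name__ == "__main__":
    print("distinct unsalted digests:", distinct_stored(SAMPLE, salted=False))
    print("distinct salted records:  ", distinct_stored(SAMPLE, salted=True))
    print("8-char keyspace at 96 symbols:", keyspace(8))
```

With a per-user salt, a table would have to be rebuilt for every account, and the shared password in the sample no longer shows up as a repeated value in the dump.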

 
 

Coalde
(Login cwc.mgmt)
Forum Owner

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 12 2012, 11:55 PM 

A little update from LinkedIn...
LinkedIn Offers Information, Apology for Security Breach

By: Nathan Eddy, 2012-06-10

The social networking company issues an apology and answers questions related to a security breach last week.

In the wake of a massive security breach on the business networking site LinkedIn, which resulted in the leaking of roughly 6.5 million user passwords and their subsequently being published on an unauthorized Website, the company has issued a blog post to answer some of the most frequently asked questions about the breach. The company has also enlisted the help of the FBI for an investigation into the breach.

"We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation," wrote LinkedIn director Vicente Silveira. "We take this criminal activity very seriously, so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime."

Silveira noted the compromised passwords were not published with corresponding email log-ins, and that the majority of passwords were "hashed", meaning they were still encoded; however, he confessed that a subset of the passwords was decoded. Silveira also stressed that the only information published was the list of passwords. "We are not aware of any member information being published at any time in connection with the list of stolen passwords," he wrote.

Also addressed was the speed of LinkedIn’s response to the breach, reports of which first surfaced last Wednesday. Silveira said the company launched an investigation immediately after receiving confirmation of the breach, and by the end of Thursday, all passwords on the published list that were believed to have created risk for LinkedIn members had been disabled. "This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords," he wrote. "Once again, we truly apologize for any inconvenience this has caused you, our members."

Stolen passwords aren’t the only thing social media users have to worry about, a recent report from IT research firm Gartner indicated. The study found that corporate monitoring of employee behavior on social media sites like Facebook, Twitter or LinkedIn will rise to 60 percent by 2015. The report also raises the question of who is actually looking at this information and the parties who have access to employee-monitoring tools, as well as the ethical and legal issues involved.

Users should also be aware of their activities on social media sites and how that impacts their prospects of being hired. An April study from job-search site CareerBuilder shows that more than a third of companies (37 percent) polled use social networking sites to research job candidates. About a third (34 percent) of hiring managers who currently research candidates via social media said they have found information that has caused them not to hire a candidate, according to the report. That content ranges from evidence of inappropriate behavior to information that contradicted their listed qualifications.

http://www.eweek.com/c/a/Security/LinkedIn-Offers-Information-Apology-for-Security-Breach-395006/?kc=EWKNLSTE06122012STR3







 
 
E7
(Login E7)

...

June 13 2012, 1:16 AM 

Don't use LinkedIn..


 
 

Coalde
(Login cwc.mgmt)
Forum Owner

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 13 2012, 1:33 AM 

Don't use LinkedIn.

Is that a suggestion or a statement?




 
 
E7
(no login)

...

June 13 2012, 2:03 AM 

"I" don't use LinkedIn.

 
 

Coalde
(Login cwc.mgmt)
Forum Owner

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 13 2012, 2:20 AM 

All I can say regarding not using LinkedIn is that most recruiters use it (almost exclusively) now and most prospective employers will look you up on LinkedIn prior to inviting you to an interview even after being given a resume by a recruiter.




 
 
E7
(Login E7)

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 13 2012, 3:42 AM 

Meh.. never really needed it to be honest. I've accumulated some decent contacts over the years.

 
 
Jake Rialto
(Login jrialto)

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 13 2012, 1:04 PM 

Our company has switched to it exclusively for recruitment.

 
 

Coalde
(Login cwc.mgmt)
Forum Owner

Re: LinkedIn investigates 'theft' of 6.5 million passwords

June 16 2012, 1:08 PM 

@JR

I know a lot of companies that pretty much use LI exclusively as well.

Interesting article about whether their carelessness will drive them under...I have my doubts that this data breach will cost them much ultimately.
Have LinkedIn's security woes permanently damaged the social network?

Security breach grabs headlines, but will users pack up and leave?

By Sharon Gaudin, June 14, 2012 03:50 PM ET

After hackers last week breached the LinkedIn site, stealing more than 6 million user passwords, analysts are debating whether the attack will cause long-term damage to the social network.

In the attack, users' passwords were posted publicly to a Russian hacker forum. The incident garnered a lot of headlines, both in the trade and mainstream news media, and LinkedIn was accused of using lax security and having nothing more than light encryption to safeguard its users' data.

Many companies besides LinkedIn suffer security breaches. What's causing the furor over the LinkedIn breach is that the company makes its name and its money from user data, yet it failed to take what security experts would call adequate steps to secure its bread and butter.

Critics accuse the company of failing to protect its users. Will users stand by their social network or will they flee?

"This is a business site focused on business users who generally don't take well to negligence, particularly when it comes to their passwords and IDs," said Rob Enderle, an analyst with the Enderle Group. "I think this attack will do lasting damage and open the door for competition. But I don't see a competitive choice positioning against the opportunity, so LinkedIn may do better than they otherwise would as a result."

While LinkedIn's security lapse could drive people away, users of social networks have proved to be immensely loyal and willing to take hits without leaving their favorite sites.

Facebook, for instance, has had a handful of highly publicized privacy issues that drew heated criticism from its users. Industry analysts predicted an exodus of unhappy users. While some dribbled off the site in frustration, there was never a mass exodus.

Social networking users may get frustrated and angry and post nasty tweets on Twitter, but they want to be where their friends are. They want to see their cousin's news updates and their college roommate's vacation pictures. They rarely leave.

In an emailed statement, LinkedIn spokeswoman Erin O'Harra said: "I can confirm that the health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident."

"I've seen some users post via Twitter that they are leaving LinkedIn as a result of this incident, or rather the headlines spurred them into realizing that they never used LinkedIn so they might as well zap their accounts," said Graham Cluley, a senior technology consultant with security company Sophos. "I have no indication that people are leaving in droves, however."

Cluley said LinkedIn's recent troubles are also putting the spotlight on other social networks and their level of security.

"Many of the social networks have suffered from security and privacy problems, although there's no suggestion that they have made the same mistake regarding password security," Cluley added. "As LinkedIn likes to present itself as the professional, business-focused social network, it's particularly disappointing that they didn't have fairly elementary security in place."

LinkedIn is no fledgling social networking startup with little money or experience. After a successful initial public offering in May 2011, the company should be able to hire a barrage of security experts, the analysts noted.

This makes the breach harder to understand, Enderle said. "Security problems certainly haven't been uncommon for social networks, but given [LinkedIn's] cash position and the amount of warning, this issue should have been addressed," he said. "It makes the management team appear too inexperienced for a firm of this size ... Negligence in a public company typically is a very bad thing because it can force changes at top executive levels."

As for LinkedIn's users, Patrick Moorhead, an analyst with Moor Insights & Strategy, said few will probably leave the site simply because there are few alternatives for a business-oriented social network.

"LinkedIn's reputation is taking hits from industry insiders and techies," he said. "But these kinds of things blow over quickly and won't leave any permanent marks. At least in North America, there isn't a competitor with much scale for users to go to."

http://www.computerworld.com/s/article/9228122/Have_LinkedIn_s_security_woes_permanently_damaged_the_social_network_





 
 
 