Computer security experts and news agencies worldwide are reporting a hack that leaked about 6.5 million LinkedIn passwords today. Below are details of the LinkedIn hack and tips for avoiding identity theft as a result of it.
A message posted today on one of the Russian forums stirred up the entire Internet community. A user nicknamed ‘dwdm’ claimed to have hacked the worldwide business social network LinkedIn and stolen 6.5 million users’ personal data. As evidence of his ‘deed’, he published 6,458,020 hashed passwords online. Although this seemed likely to be a false alarm when the message came online, a number of Twitter users started confirming that they had found their hashed passwords on the infamous uploaded list. The passwords appeared to be hashed using the SHA-1 algorithm, which is widely used for securing SSL and TLS connections. The latter are considered to be quite secure, so strong passwords might take a while to crack, whereas weak ones may turn out to be a ‘piece of cake’ for potential cyber intruders.
Mikko Hypponen, Chief Research Officer at F-Secure, has verified that the leaked database contains genuine user data. He assumes the hacker might have taken advantage of some web interface exploit, i.e. a set of commands that allowed bypassing LinkedIn’s security due to known vulnerabilities. Hypponen also pointed out that there’s nothing particularly wrong with keeping SHA-1 encrypted hashes, as it has proven to be a fairly reliable and hard-to-crack algorithm used extensively in computer security. However, double hashing would have been a great idea to implement here to begin with – this would be an efficient countermeasure against password decryption.
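The self-check those Twitter users performed, and why an unsalted SHA-1 list makes it so easy, as an added example that is not part of the original article. The sample dump is constructed, the function names are hypothetical, and the salted PBKDF2 variant is an assumed alternative storage scheme shown for contrast, not the double hashing mentioned above.

```python
import hashlib
import hmac
import os
import string

def sha1_hex(password):
    """Unsalted SHA-1 hex digest: the same password always yields the same hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_hashes(lines):
    """Normalise a dump (one hex digest per line) into a set, skipping junk lines."""
    hexchars = set(string.hexdigits)
    cleaned = (ln.strip().lower() for ln in lines)
    return {h for h in cleaned if len(h) == 40 and set(h) <= hexchars}

def password_in_leak(password, leaked):
    """Self-check: does the hash of my own password appear in the published list?"""
    return sha1_hex(password) in leaked

def store_salted(password, iterations=200_000):
    """Assumed alternative: random per-user salt plus slow PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

# Constructed sample dump built from two made-up passwords; not real leaked data.
SAMPLE_DUMP = [sha1_hex("linkedin2012") + "\n", sha1_hex("Summer!").upper() + "\n", "not-a-hash\n"]

if __name__ == "__main__":
    leaked = load_hashes(SAMPLE_DUMP)
    print("my password is in the list:", password_in_leak("linkedin2012", leaked))
    a, b = store_salted("Summer!"), store_salted("Summer!")
    print("salted records for the same password match:", a[2] == b[2])
```

With unsalted SHA-1, a single lookup answers the question for every account that shares the password; with a per-user salt, two users with the same password get unrelated records, so the published list could not be checked this way.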
LinkedIn has eventually made an official announcement via Twitter, stating that their team is “currently looking into reports on stolen passwords”. While subsequent tweets by the company haven’t explicitly confirmed the breach thus far, the leaked data is obviously out there.
Therefore, in case you have an account with LinkedIn, here is a set of tips to help you avoid falling victim to identity theft:
1. Change your password immediately:
2. Create a new strong password:
3. Other security tips:
LinkedIn has over 150 million users around the globe. This hack could affect less than 5 percent of its user base, but it may substantially influence this social network’s reputation.