Beware Poor Passwords – The LinkedIn Data Leak


 

Do you remember the recent LinkedIn data leak?

Some 117 million usernames and passwords of LinkedIn users, believed to have been stolen back in 2012, were put up for sale on the dark web.

LinkedIn is not the only company that fails to secure its services properly. It’s becoming an alarmingly common trend and you can take your pick from any number of high-profile organisations that have been hit by data breaches.

But are these big businesses really to blame?

Granted, you would hope their platforms were secure, but any hacker, if determined enough, will work out a way of breaking through their security, which is why it’s so important to accept responsibility for your personal information.

I should just mention that LinkedIn has recently taken steps to protect its 400 million members and has sent out a mass email explaining these steps.

LinkedIn statement

This is what LinkedIn had to say about the matter:

What Happened?

On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.

What Information Was Involved?

Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.

What We Are Doing

We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.

LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.

What You Can Do

We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.

For More Information

If you have any questions, please feel free to contact our Trust & Safety team at tns-help@linkedin.com. To learn more visit our official blog.

Poor passwords

According to The Register, a company called KoreLogic got hold of some of the hacked LinkedIn passwords and analysed the data to find out what passwords people are using.

You will be as shocked as we were at the results.

In descending order these are the most common passwords for LinkedIn accounts:

  • 123456
  • linkedin
  • password
  • 123456789
  • 12345678

‘123456’ is used more than a million times while the second-placed ‘LinkedIn’ comes in at 207,000 times. And it’s startling to see ‘password’ is still used as a password.
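LinkedIn's statement says it now stores salted hashes. The following added example (not from the original article or from LinkedIn) shows why that matters for counts like these: without a salt, every account using the same password stores the same hash, so the most popular passwords stand out in a leaked file. The sample accounts are constructed, and SHA-1 and PBKDF2 are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value for this example)

# Constructed sample: six accounts, three of which share one weak password.
ACCOUNTS = [
    ("user1@example.com", "123456"),
    ("user2@example.com", "123456"),
    ("user3@example.com", "linkedin"),
    ("user4@example.com", "123456"),
    ("user5@example.com", "password"),
    ("user6@example.com", "Tr1cky-but-unique"),
]

def unsalted_hash(password):
    """Plain digest with no salt: equal passwords give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Random per-account salt plus a slow key-derivation function."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def largest_duplicate_group(stored_hashes):
    """Size of the biggest set of accounts sharing one stored hash."""
    return max(Counter(stored_hashes).values())

def demo():
    """Return the biggest duplicate group for unsalted and salted storage."""
    unsalted = [unsalted_hash(pw) for _, pw in ACCOUNTS]
    salted = [salted_hash(pw)[1] for _, pw in ACCOUNTS]
    return largest_duplicate_group(unsalted), largest_duplicate_group(salted)

if __name__ == "__main__":
    print(demo())
```

With salting, the three accounts that share ‘123456’ no longer share a stored value, yet each user can still log in because the salt is kept alongside the hash.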

The moral of this tale is to create passwords that are complex and difficult to guess. Use a mixture of numbers, letters, lower and upper case, and symbols.

Yes, they will be tough to remember, but you can always create a password-protected spreadsheet to hold all your password information or use one of the many password management tools that are available.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds and surrounding villages.

Source: BullGuard