Hackers have apparently accessed close to 6.5 million hashed passwords from a LinkedIn database and posted them and data associated with them online. So far, researchers say, about 60% of the unique passwords in the dump have been cracked and there are signs that the rest will soon be as well. Here's some information for LinkedIn users specifically, and all Internet users in general.

What happened? Surprisingly, it's not clear yet exactly what happened. Earlier this week, a 118MB file containing 6,458,020 hashed passwords was posted on a Russian hacker forum. The posters said they needed help in cracking the passwords.

Security analysts who inspected the data dump noticed that many of the passwords appeared to be associated with LinkedIn member accounts, which led to the conclusion that all the passwords belonged to members of the social networking site for business professionals. What remains unknown is how the data was obtained, how long the hackers may have had access to it, and what other data might have been accessed.

How has LinkedIn responded publicly to the reports? The company has said precious little so far. Apart from a brief blog post confirming that "some" member passwords were compromised, the company has said nothing about the nature or scope of the compromise. The company says it is investigating the incident.

Did the hackers obtain email addresses associated with the passwords? That remains unclear as well. To this point, only the passwords have surfaced online. But security analysts believe it's likely the hackers have accessed email addresses and other account data as well.

If User IDs were not obtained, what's the big deal? If so, that would diminish the seriousness of the compromise. Typically, however, password data is stored along with other account details. So if someone had access to the passwords, they very likely had access to other account information as well.
The fact that the data has not surfaced could mean that either the hackers don't have it, or they simply haven't released it.

What does it mean to me? If you're a LinkedIn user, it's a good idea to change your password, especially if you use the same password to access other online accounts. Make sure to use a STRONG password.

If your password was compromised, you will not be able to use it to log into your LinkedIn account. LinkedIn has said that it is contacting users whose password has been compromised with instructions on how to reset their password. The company has made clear that the email with instructions on how to reset the password will NOT contain any links. If you have not received an email yet, or if you are still able to access your account using your old password, it means that either your password was not compromised, or that LinkedIn doesn't know it yet.

What measures had LinkedIn taken to protect member passwords? Embarrassingly little, or so it appears so far, researchers say.

The breached passwords were all masked using a basic hashing algorithm known as SHA-1. Though SHA-1 offers a degree of protection against password cracking attempts, the algorithm is by no means foolproof. Numerous password cracking tools and tables that contain pre-computed hashes for billions of passwords are easily available. Almost anyone can use these tables to look up almost any SHA-1 hash and recover the password in plain text in a matter of minutes. That explains why nearly all of the hashed passwords have been cracked already.

What could LinkedIn have done to protect the passwords better? Security experts say the company should have used a method known as "salting" to make its hashed passwords a lot harder to crack. In the salting process, a string of totally random characters is appended to a plaintext password before it is hashed. A salted hash is considered to be orders of magnitude harder to crack than a regular SHA-1 hash.
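
The difference between the two storage schemes can be shown in a few lines. This is an added example, not code from the article or from LinkedIn: the user names, passwords and wordlist are constructed, and it goes one step beyond the salting described above by combining a per-user random salt with a deliberately slow key-derivation function (PBKDF2), which is how salted password storage is normally implemented today.

```python
import hashlib
import hmac
import os

# Constructed sample data: two members happen to choose the same password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

def unsalted_sha1(password):
    """The scheme the article describes: a bare SHA-1 of the password."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest  # all three are stored with the account

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def precomputed_hits(stored_hashes, wordlist):
    """Count stored hashes found in a table that was hashed once, in advance."""
    table = {unsalted_sha1(word) for word in wordlist}
    return sum(1 for h in stored_hashes if h in table)

def audit():
    unsalted = {u: unsalted_sha1(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    wordlist = ["password", "123456", "linkedin2012"]  # constructed
    return {
        # Same password, same hash: one lookup exposes every account sharing it.
        "unsalted_duplicates": unsalted["alice"] == unsalted["bob"],
        "unsalted_table_hits": precomputed_hits(unsalted.values(), wordlist),
        # Same password, different salt: the stored values no longer match.
        "salted_duplicates": salted["alice"][2] == salted["bob"][2],
        "login_ok": verify("linkedin2012", salted["alice"]),
        "login_bad": verify("wrong-guess", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```
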
Salting is considered today to be an almost basic security practice for protecting passwords.

How can users be sure that more data was not accessed? That information must come from LinkedIn. It's possible that only password data was stolen. It's equally possible that the intruders gained access to email addresses as well.

Similarly, it's possible that a lot more than 6.5 million passwords were compromised. LinkedIn has over 100 million members. It's possible that the hackers released the 6.5 million passwords to show they have the goods to anyone interested in purchasing the purloined data from them. LinkedIn can be a goldmine for identity thieves and phishers.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.