Security professionals suspect that the business-focused social network LinkedIn has suffered a major breach of its password database. Recently, a file containing 6.5 million unique hashed passwords appeared in an online forum based in Russia. More than 200,000 of these passwords have reportedly been cracked so far. The file only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data, security researchers say. However, the breach is so serious that security professionals are advising people to change their LinkedIn passwords immediately.

Update: LinkedIn says it is looking into reports of the hack; however, it would not confirm reports that hackers accessed the site.

It's unknown at this point how the file ended up on a public forum or exactly which site the passwords originate from; however, signs indicate this is indeed a breach of LinkedIn. "Many of the cracked passwords that have been published to the forum have the common term 'LinkedIn' in them," Per Thorsheim, a security advisor based in Norway, told PCWorld. "While terms such as Facebook, Twitter and other common online networks are almost nonexistent." Thorsheim was one of the first security researchers to discover the leaked password file.

One common way people create passwords for different websites is to add the name of the site into the passphrase, says Thorsheim. So some people may use the password 1234Facebook for the world's largest social network, and then 1234LinkedIn for LinkedIn and so on. With so many occurrences of the term LinkedIn, Thorsheim says, it seems likely these are in fact LinkedIn passwords. Thorsheim also said he and at least 12 other sources he trusts within the security community have found hashes of their own LinkedIn passwords in the file.
After hearing Thorsheim's story and using a copy of the leaked password file, I also found the hash for my own LinkedIn password after running my passphrase through an SHA-1 hash generator. However, doing the same operation for the LinkedIn passwords of two other PCWorld writers yielded no results.

What's a Hash?

SHA-1 is a hashing algorithm that converts your password into a unique set of numbers and letters. If your password is LinkedIn1234, for example, the SHA-1 hex output should always be abf26a4849e5d97882fcdce5757ae6028281192a. As you can see, that is problematic: if you know the password is hashed with SHA-1, you can quickly uncover some of the more basic passwords that people commonly use. Often, random bits -- known as salting -- are added to a hash so that the output is harder to guess. But that does not appear to be the case with these leaked passwords.

What's also troubling security researchers is that the password database contains entirely unique passwords. It's unclear whether the people who leaked the password file have more passwords that have not surfaced online. The file may, for example, be an attempt to crowdsource the hacking of some of the more difficult passwords. It's also unknown if the suspected attackers have user names or other data tying these passwords to actual users.

If you are a LinkedIn user, security professionals are advising you to change your password immediately as a precaution. Since 6.5 million unsalted hashes have been exposed, it does not matter how long or difficult to guess your password is, Thorsheim says. Anyone whose password has been exposed is at risk. You can change your LinkedIn password by following this link and clicking the change link next to Password just below your profile photo.

This has been a tough week for LinkedIn and security. The Next Web recently reported that an opt-in calendar feature in LinkedIn's Android and iOS mobile apps was sending user data back to LinkedIn servers as plain text.
LinkedIn responded by saying it sends all data back to its servers via an encrypted connection and never saves any user data.

LinkedIn has yet to respond to PCWorld's request for comment. But a Twitter account called LinkedIn News says the company is looking into reports of stolen passwords.

The business-focused social network had 161 million users worldwide as of March 31.

Connect with Ian Paul (@ianpaul) on Twitter and Google+, and with Today@PCWorld on Twitter for the latest tech news and analysis.
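
The contrast drawn under "What's a Hash?" between unsalted and salted password hashes, as an added example that is not part of the original article. The sample passwords, the leaked set built from them, the function names and the choice of PBKDF2 with 200,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: the same password always produces the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def appears_in_leak(password: str, leaked_hashes: set) -> bool:
    """Self-check: is the unsalted SHA-1 of my own password in a leaked list?"""
    return sha1_hex(password) in leaked_hashes

def hash_salted(password: str, salt: bytes = None, iterations: int = 200_000):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256), one random salt per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_salted(password: str, salt: bytes, expected: bytes,
                  iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

# Constructed sample data: a stand-in for a leaked file of unsalted SHA-1 hashes.
SAMPLE_PASSWORDS = ["1234Facebook", "1234LinkedIn"]
LEAKED = {sha1_hex(p) for p in SAMPLE_PASSWORDS}

def demo() -> dict:
    # Two users who picked the same password.
    alice_unsalted, bob_unsalted = sha1_hex("1234LinkedIn"), sha1_hex("1234LinkedIn")
    alice_salt, alice_salted = hash_salted("1234LinkedIn")
    bob_salt, bob_salted = hash_salted("1234LinkedIn")
    return {
        # Unsalted: identical digests, so a single lookup matches every such user.
        "unsalted_identical": alice_unsalted == bob_unsalted,
        "found_in_leak": appears_in_leak("1234LinkedIn", LEAKED),
        # Salted: digests differ per user, so a bare hash list cannot be matched this way.
        "salted_identical": alice_salted == bob_salted,
        "login_still_works": verify_salted("1234LinkedIn", alice_salt, alice_salted),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
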