June 20, 2012 Cam Levack
The online world is buzzing with reports that 6.5 million encrypted passwords to professional networking site LinkedIn have been leaked.
On June 6, LinkedIn Director Vicente Silveira confirmed the hack on the company’s blog and outlined steps to deal with it. He emphasized that LinkedIn takes member security “very seriously”. LinkedIn has promised to contact affected users, and has disabled some passwords.
Recently, LinkedIn’s security staff detected a major breach of its password database. A file containing 6.5 million shared passwords showed up on a Russian “online forum” (i.e. hacker site.) Some believe that 200,000 passwords have already been cracked.
How did the file show up on a public forum? From which site did the passwords originate? We can be sure that LinkedIn is looking for answers. It is known that many of the cracked passwords published to the forum use the common term “LinkedIn”, according to PC World.
It’s not uncommon to create a series of passwords with a common word or phrase, and then adding the appropriate suffix. For example, a person might use “1234LinkedIn”, “1234FaceBook”, etc.
These days, passwords are required for virtually everything, and you can’t blame people for trying to simplify the process. But such compromises can put you in jeopardy.
Many sites requiring passwords coach you on creating a secure one. If you’re curious about the worst passwords, just check the list.
Even if you’re not contacted by LinkedIn, it’s a good idea to go to your home page, ASAP, and change your password. The process is straightforward. While you’re at it, consider changing other passwords and PIN numbers. Chances are you’ll sleep better.
Simply put, LinkedIn’s paying for popularity. With more than 161 million users worldwide (as of March 31), the professional network represents a sizable target for hackers. You won’t make the Hacker Hall of Fame by breaking into a little-known site. You want the big networks – and LinkedIn is.
Cam Levak, Raven5 Ltd, Toronto, June 2012