6.5M LinkedIn passwords leaked

Jun 8, 2012 | Security

One of the first things Internet users do when they sign up for a new service, or become a member of a website, is register a password they believe to be unique. This password is often the main form of visible security users have, and they trust websites with them. If a hacker gets hold of a password, it’s a big problem. This recently happened to LinkedIn users.

LinkedIn is a popular social media site that caters to professionals and helps them to network and find jobs. In the past few days, news stories have emerged about how members’ passwords were leaked online.

How passwords work
The password you enter to access a website like LinkedIn acts as a handshake to confirm that the user trying to access the account is who they say they are. Remember the last time you signed up for a new account and had to enter the password you were going to use? The owner of the website stores that password in a file, normally encrypted, and tells the Web page to reference this file when you log in. If the passwords match, you’re allowed in. If not, you get the password error page.

What happened?
A hacker discovered a way to exploit the calendar feature in the LinkedIn mobile app. Basically, when the calendar in LinkedIn was updated, the information, including your password, was encrypted and sent to LinkedIn’s servers, which then updated your profile with the information. The hacker developed a way to grab the encrypted password data for around 6.4 million users.

The hacker then published the encrypted passwords online for other people to decrypt. LinkedIn has released an update to the mobile apps to plug this leak, but the passwords are still online.

What does this mean for me?
The chances of your account’s password being among the ones leaked are pretty small. However, if your password was posted, someone with programming and encryption knowledge could decipher it and gain access to your account. This poses a security risk, as they would be able to access any and all data you have stored on that account. Beyond that, if you use the same password for other accounts, they could gain access to those as well.

How do I know if my password was compromised?
LinkedIn knows of the leak and has taken steps to minimize the damage.

  1. When you next try to log in to your LinkedIn account, you’ll get a message telling you the password no longer works.
  2. LinkedIn has emailed users whose passwords have been leaked, telling them to change their password. This email has no links in it, so if you get an email supposedly from LinkedIn with links to change your password, DON’T click on the link. There have been reports of such emails (with links) being sent out. These emails are phishing schemes which aim to steal your password.
  3. LinkedIn will send you a follow-up email explaining more about what happened and why you were asked to change your password.

Alternatively, you can go to lastpass.com and test your password.

If you haven’t received an email, your password probably wasn’t leaked. We do suggest that, for security reasons, you change your LinkedIn password as soon as you can. You can do this by:

  1. Going to LinkedIn’s website and logging in.
  2. Hovering your mouse over your name in the top right corner of the window and selecting Settings from the drop-down menu.
  3. Clicking on Account, located in the pane underneath your profile picture. If you don’t see Account, click on the grey shield icon.
  4. Selecting Change password and following the instructions.

If you feel that your accounts are unsecured, or would like to enhance your current security, please contact us. We may have a solution for you.

Published with permission from TechAdvisory.org.
