Search This Blog

Friday, June 8, 2012

LinkedIn hacked - what is compromise of password ?

In earlier decades, work in Office was different – everything was on hard copies of volumes of paper, kept in place by ubiquitous clips, binders, files and more……….  Today’s life offers a different set of problems ……. Troubles, if you think them to be.. of test to your memory all the time.

Most probably you encounter putting your User ID and PW in : probably your mobile; your Office for signing your attendance; accessing your laptop / desktop; checking your mails in your official ID in your Office environment; your Bank account; Online transactions; your personal mail IDs [curse the fortune of some who have more than one ID]; your social networking sites like – Facebook, Linkedin Twitter, blog, Flickr, Myspace,Tagged, WAYN and more………………………….  How do you remember all these IDs and more importantly the passwords ………..

There could be simpler options that most people tend to : one is to have a common password for all their transactions or to have some simple easy to remember passwords – both have their drawbacks.

Heard of the word ‘compromise’ – settlement of differences is good in life but not on the web.  We tend to have so much of personal information associated with our web activities and one would shudder to think that somebodyelse could access all these information by simply hacking and gaining access to their accounts. Hackers use programs that guess passwords-- the general technique is often termed "cracking".  Users also give away their passwords, either as victims of social engineering or even knowingly to colleagues. 

You would know :  LinkedIn  - a professional social networking website. Founded in December 2002 and launched in May 2003, unlike Facebook,  it is mainly used for professional networking. The site is available in English, French, German, Italian, Portuguese, Spanish, Dutch, Swedish, Romanian, Russian, Turkish, Japanese, Czech and Polish.  LinkedIn's CEO is Jeff Weiner, previously a Yahoo! Inc. executive. The company was founded by Reid Hoffman and founding team members from PayPal and  LinkedIn started out in the living room of co-founder Reid Hoffman in 2002. The site claims that every second, two new professionals sign up the network !!

The site claims that as of March 31, 2012, LinkedIn operates the world’s largest professional network on the Internet with 161 million members in over 200 countries and territories. Sixty-one percent of LinkedIn members are located outside of the United States.   It is a glorious platform for job seekers, employers and professionals to share their thoughts and seek professional advice from various forums that one can create and access.  There are specialized forums for Insurance, Insurance claims, Marine Insurance etc., too in LinkedIn.  

Recently, hackers gained entry into LinkedIn’s database stealing passwords !!  Now it is reported that more than 60% of the unique hashed passwords that were accessed by hackers from a LinkedIn password database and posted online this week have already been cracked, according to security firm Sophos.  It's very likely the remaining passwords have also been cracked, said security researcher Chester Wisniewski late Wednesday. In all, a total of 6.5 million hashed password believed to belong to LinkedIn members was posted on a Russian hacker forum earlier this week. The crooks posted the data in an effort to get help in cracking the passwords.
Sophos said it identified about 5.8 million hashed passwords as unique.

Some state that the  speed at which so many hashed passwords were cracked underscores the weakness of the passwords protection scheme used by LinkedIn.  When you type your password, you might see them to be in asterisks – but sure the company owning that site can see the PW.  They store them in various fashions, some secure and some not so secure.  In a carefully worded blog post LinkedIn director  is quoted as saying that the company had disabled all the compromised passwords and was instructing affected members how to access their accounts to reset their passwords.  It remains unknown is how the data was obtained, how long the hackers may have had access to it, and what other data might have been accessed.

Typically in most places,password data is stored along with other account details. So if someone had access to the passwords, they very likely had access to other account information as well. If your password was compromised, you will not be able to use it to log into your LinkedIn account. LinkedIn has said that it is contacting users whose password has been compromised with instructions on how to reset their password.  Worser still, with those details, the hackers could try and gain entry to your other online accounts.  There are reports that the same hackers had done some harm to e-Harmony accounts as well. 

Check in your accounts and if you apprehend that some unusual activity, immediately change your password to a tougher one. Additionally, if you have used that password on other sites or services, you should change that password on those sites as well. As someone wrote this morning, if you are to ask ‘LinkedIn – what’ – sure, life is beautiful and uncomplicated, you can continue blissfully with whatever you have been doing

With regards – S. Sampathkumar.

1 comment:

  1. AdWords Learning Center material has already covered these topics so you should not be worried about it.

    Company Test Papers