We trust everyone has heard about the LinkedIn password hack day before yesterday. In what seemed to be a carefully planned attack, hackers managed to crack the encryption that the website employs to protect their user data. Once decrypted, the whole bunch of passwords were posted to a Russian website. We last heard that some 6.5 million passwords were compromised. LinkedIn has a userbase of 160 million. Source: thesun.co.uk LinkedIn has issued a statement saying that they were investigating the matter further. They have also given the compromised users information on how LinkedIn plans to get their accounts back on track, on its official blog . Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords. So how do you know if your account has been compromised? Some enterprising New York based guys have managed to put together a web-based app which checks all the compromised password hashes and tells you if your account has been hacked or not. It is cheekily named ‘LeakedIn’ . I used it to check whether my password was cracked and it seems it was! This is what I got. Firstly, I am little shocked! Then I tried to calm myself down asking what would these hackers do with my password anyway? It seems they have only published the password hashes and not the corresponding username. No one knows for sure if that is the case. If they have both bits of data then yes things are bad. They have all my data, including addresses, my contacts, a brief history of who I am and what I do. Although sitting here in India, the whole thing doesn’t look that bad! I have thankfully chosen different passwords for all my social media and online services. Those of you who keep a common password because it is easy have to remember that once something like this happens, a potential hacker has access to all your social media properties. They could do anything with it and basically your whole online life could be compromised. The implications are huge and it is therefore wise to choose different passwords for different online accounts. Maintain all these passwords in one place, say a document which you can further encrypt. I know it is time consuming but it seems to be the safest way. Secondly, I am hugely disappointed with LinkedIn over the security measures they have implemented. I know hackers are a persistent lot but if you are a technology company, you are bound to make your service as secure as possible. In a world which is enamoured by cloud computing, we are putting more and more of our data online so that we can have unfettered access to it. Events like these make me wonder if all that is really safe. There have been vocal critics of the cloud and online services but I didn’t agree with them then. Right now, I and many others will be forced to rethink the whole cloud thing. The fact of the matter is that online companies need to put more of their effort into developing a super secure service. How do you think technology companies can really make sure that their service is hack-proof? Share your opinions with us. Looking For A Social Media Agency?? – Contact WATConsult – India’s Leading Social Media Agency
[via WATBlog.com - Web, Advertising and Technology Blog in India]
Follow us @technologyheat – lists / @sectorheat
Follow us @technologyheat - lists / @sectorheat
