Hackers compromise 6.5 million LinkedIn user passwords

Last week LinkedIn learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. According to Vicente Silveira, director at LinkedIn, most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately only a small subset of the hashed passwords was decoded and published.

LinkedIn targeted by password hacking ninjas
In his LinkedIn blog post, Silveira said: "To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event."

David Goldman of CNN Money says that LinkedIn was using an outdated form of cryptography to secure its users' private information: SHA-1, a publicly available cryptographic hash function designed by the United States National Security Agency. That is why security experts recommend that companies add another security layer called ‘salt’.

Goldman explains: “Salt randomly adds another piece of information to the password. It could be a user name, first name, or even a random number - it changes the underlying text enough to make it almost impossible to decode.”

Some people have questioned how it is possible that a company like LinkedIn uses a reversible encryption algorithm to store the passwords when passwords should always be encrypted one-way and should never be recoverable. Others argue that LinkedIn does not use reversible encryption - hackers just have to run a dictionary attack, encrypt the dictionary words and then compare the returned values.

The fact that the perpetrators are based in Russia, will make the job of the FBI investigators a tricky one. . As for me, I have difficulty in remembering all the passwords I use for different sites – some want characters and numerals, other want upper and lower case, and so on. Maybe the hackers are out to help people like me. Just joking!

Photo courtesy of  www.FreeDigitalPhotos.net.

Subscribe to Insights into PR and online marketing

Bookmark and Share

Sedacca

Stone Junction is a cool technical PR agency based in Stafford. We work for all sorts of businesses, with a particular focus on technology, technical and engineering companies. We like being sent cake and biscuits by clients, journalists and prospects.

No comments: