6.5 Million LinkedIn Passwords Leaked Out
Posted 377 days ago by Tony Anscombe


Yesterday, a Russian hacker claimed he was able to hack professional networking site LinkedIn®. And he posted 6.5 million passwords online to prove it.

According to Mashable, the passwords were protected with SHA-1, a cryptographic hash function designed by the United States National Security Agency.

The vulnerability appears to lie in how the passwords were stored and in whether the passwords were basic words. Accounts protected by simple dictionary passwords such as “apple” or “orange” were probably among those compromised through simple trial and error.
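Why the storage scheme matters, shown as an added example (not code from the original post or from LinkedIn): it assumes the site kept one bare, unsalted SHA-1 digest per password and contrasts that with a salted PBKDF2 record. The account names, sample passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; "apple" and "orange" are the post's own examples.
WORDLIST = ["apple", "orange"]
USERS = {"alice": "apple", "bob": "apple", "carol": "violet-Tram-41-kettle"}


def sha1_unsalted(password: str) -> str:
    """Weak storage (assumed scheme): one bare SHA-1 digest, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, iterations: int = 200_000) -> dict:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def pbkdf2_verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds = record["salt"], record["iterations"]
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest, record["hash"])


def exposed_by_wordlist(stored: dict, wordlist: list) -> dict:
    """Users whose unsalted digest matches a table hashed once from the wordlist."""
    table = {sha1_unsalted(word): word for word in wordlist}
    return {user: table[d] for user, d in stored.items() if d in table}


def demo() -> dict:
    weak = {user: sha1_unsalted(pw) for user, pw in USERS.items()}
    strong = {user: pbkdf2_record(pw) for user, pw in USERS.items()}
    return {
        "weak_same_digest": weak["alice"] == weak["bob"],
        "weak_exposed": exposed_by_wordlist(weak, WORDLIST),
        "strong_same_digest": strong["alice"]["hash"] == strong["bob"]["hash"],
        "strong_accepts_right": pbkdf2_verify("apple", strong["alice"]),
        "strong_accepts_wrong": pbkdf2_verify("orange", strong["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With unsalted digests, two users who chose the same word share one stored value and a single hashed wordlist covers every account at once; with a per-user salt and a slow key-derivation function, each record has to be attacked separately and each guess costs far more.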

LinkedIn was quick to inform users of the break-in and advise them on how to reset their passwords.

But ill-gotten LinkedIn passwords might also be used to access other accounts and even more personal information elsewhere. After all, it’s common practice to use the same user name and password to log into various sites and services across the Web. If hackers get your password to one site, it could be enough to bring down your entire house of cards.

 

So what can you do to protect your accounts?

 

Tips:

  • If you have a LinkedIn account, change your password immediately.
  • Don’t use a simple password that could be found in the dictionary. Alternate letters, numbers, upper case, lower case—whatever the particular password parameters allow. Check out this list of some of the most commonly used (and therefore inherently weak) passwords.
  • Create and maintain a handwritten document of online accounts and passwords. Put it in a safe. Do not store this on your computer and do not use the same password more than once.
  • Don’t respond to or act on any emails that appear to come from LinkedIn if the emails include links. This is a common phishing ploy, and LinkedIn said it will not include any links in any emails regarding this matter.
  • If you subscribe to online services, such as LinkedIn’s or another site’s premium services, put aside a credit card just for online purchases so that once it’s compromised, you can alert just the one credit card company of the breach. Do not use an ATM card for such purchases as you may lose access to cash anywhere from a few hours to a few days.
  • Consider creating Google alerts for any service that maintains your personal data. An alert for “LinkedIn” + “hack” could have alerted you about the recent intrusion and allowed you to quickly act.
  • When a security attack occurs, look for information about the attack either from the company that’s been hit or credible news sources such as CNET, Mashable or the Guardian.
  • Consider placing a security freeze on your credit report to prevent fraudulent accounts being opened in your name.

 

Remember, hackers can attack any site, big and small. LinkedIn is not the first well-known site or network to be compromised. Do not let any site or solution draw you into a false sense of security. You are your own last line of defense, so be sure to educate yourself on the dangers that exist online and how certain user behaviors can play into those dangers.

 

Care to discuss? You can always reach me here, on Twitter or Facebook.



 
  • http://faxauthority.com/ Fax Authority

    Good list, however to add one more you should change any passwords on other sites that you use the same email and password for LinkedIn for – i.e. if you use the same email and password for Twitter, Facebook, Pinterest, etc. then you should change them.

    Usually when situations like these happen, people change their compromised password but then don’t change their other passwords that are just as compromised….
