First LinkedIn was accused of storing users' potentially confidential private and business information on the company's servers without their knowledge, and now a batch of what are allegedly the LinkedIn passwords of some 6.5 million users has been published on a Russian forum.
The passwords in question are in hashed form, and the individuals who made them available for download have asked for help in cracking them.
Various security firms have jumped to the task, and all of them have confirmed that many of the passwords contain the word "linkedin", so the leak seems genuine.
Some Twitter users have searched the batch for their own hashed passwords and have found them (or those of their friends), confirming that assumption.

As pointed out by Eduard Kovacs, even though the batch contains only passwords, it is extremely likely that the individuals behind the leak have the usernames (email addresses) that go with them.
LinkedIn is still investigating and has yet to confirm the genuineness of the leak, but LinkedIn users would do well to change their passwords immediately just in case, and to do so on any other account where they might have used the same password or login credential combination.
Cameron Camp, Security Researcher at ESET, commented on the leak for Help Net Security:
"The difference with this hack, as opposed to many others, is that people put their REAL information about themselves professionally on the site, not just what party they plan on attending, ala Facebook and others. And every time one of your LinkedIn contacts updates their profile, you get updates from LinkedIn showing what’s happening. This has the aggregate effect of garnering a form of peer review on what you post about yourself, knowing that it is exposed potentially to those business or career contacts that have a direct impact on your life. In other words, mess with somebody’s professional profile, and you’re messing with their life, and their contacts know about it."
"The bigger question is what is the aggregate value of this level of business intelligence about an individual, let alone a whole business sector? This is the kind of information that advertisers and bad actors alike drool over. If, for example, you knew your competitors were losing staff at a rapid pace, it might affect a merger/acquisition negotiation, potentially swinging the value of the deal significantly. Also, since LinkedIn can be used as a sort of timeline of a user's REAL history, there are deep stacks of historic business intelligence that can be garnered."









