FAQ: LinkedIn breach -- what members (and others) need to know
Tackling user questions on what's known so far on what happened to stolen LinkedIn data, and what can be done about it
Computerworld - Hackers have apparently accessed close to 6.5 million hashed passwords from a LinkedIn database and posted them and data associated with them online. So far, researchers say, about 60% of the unique passwords in the dump have been cracked and there are signs that the rest will soon be as well.
Here's some information for LinkedIn users specifically, and all Internet users in general.
What happened? Surprisingly, it's not clear yet exactly what happened.
Earlier this week, a 118MB file containing 6,458,020 hashed passwords was posted on a Russian hacker forum. The posters said they needed help in cracking the passwords.
Security analysts who inspected the data dump noticed that many of the passwords appeared to be associated with LinkedIn member accounts, which led to the conclusion that all the passwords belonged to members of the social networking site for business professionals. What remains unknown is how the data was obtained, how long the hackers may have had access to it, and what other data might have been accessed.
How has LinkedIn responded publicly to the reports? The company has said precious little so far. Apart from a brief blog post confirming that "some" member passwords were compromised, the company has said nothing about the nature or scope of the compromise.
The company says it is investigating the incident.
Did the hackers obtain email addresses associated with the passwords? That remains unclear as well. To this point, only the passwords have surfaced online. But security analysts believe it's likely the hackers have accessed email addresses and other account data as well.
If User IDs were not obtained, what's the big deal? If so, that would diminish the seriousness of the compromise. Typically, however, password data is stored along with other account details. So if someone had access to the passwords, they very likely had access to other account information as well. The fact that the data has not surfaced could mean that either the hackers don't have it, or they simply haven't released it.
What does it mean to me? If you're a LinkedIn user, it's a good idea to change your password, especially if you use the same password to access other online accounts. Make sure to use a STRONG password.
If your password was compromised, you will not be able to use it to log into your LinkedIn account. LinkedIn has said that it is contacting users whose passwords have been compromised with instructions on how to reset their passwords. The company has made clear that the email with instructions on how to reset the password will NOT contain any links. If you have not received an email yet, or if you are still able to access your account using your old password, it means that either your password was not compromised, or that LinkedIn doesn't know it yet.