LinkedIn, a business oriented social networking site which was founded in the year 2002, has recently found its way in the headlines for the latest data breach committed by hackers on May17, 2016. This wasn’t the first time it had faced such a breach. On 5th June, 2012, a group of hackers managed to get hack 6.5 million user accounts and by the morning of June 6, passwords of such accounts were available online in plain text. This was followed by an apology by LinkedIn asking its users to immediately change their passwords. The company officials implemented a mandatory password reset for affected users. The internet security experts stated that the passwords were easy to unscramble because of LinkedIn’s failure to use a salt when hashing them, which is considered an insecure practice.
The breach which had affected around 6 Million users was just the tip of the ice berg. According to the latest news, the data that was hacked recently on May 17th, 2016, was advertised on a dark website named Real Deal by someone with the user namepeace_of_mind. It offers the hacked data of 167 million accounts for five bitcoins, which at current exchange rates is worth about $2,200. After becoming aware of the data breach, LinkedIn sent out an email stating that they are taking immediate steps to invalidate the passwords of the affected accounts, and they will contact those members to reset their passwords. Further, LinkedIn invalidated the passwords at risk. They also suggested the users to visit their safety centre to ensure they have two-step verification authentication and to use strong passwords in order to keep their accounts as safe as possible. Surprisingly, LinkedIn’s response to the most recent breach is to repeat the same procedure which it had adopted in the original breach, by once again forcing a password reset for only a subset of its users.
This hacking has been attributed to the insufficient security measures which were undertaken by LinkedIn. The leaked source reveals that most of the passwords which were hacked were extremely common passwords. According to the leaked source around 2.2 million of the 117 Million passwords which were exposed were easily guessed passwords. The password selling site also claims that passwords were stored in SHA1 with no salting, and this is not what internet standards propose. However, LinkedIn claims that after the breach which took place in 2012 For the full article click here
from hacker samurai http://ift.tt/1Pc6Mzi
via IFTTT
No comments:
Post a Comment