June 7, 2012
LinkedIn Hacked and Member Passwords Stolen
Our focus here at FrontPoint is on home security – providing the peace of mind that you need and deserve with state-of-the-art alarm and home automation technology that leaves you feeling both protected and connected. But we also follow other types of security issues, like identity theft, PERS (Personal Emergency Response Systems), and more. When we saw the headline this morning about LinkedIn user passwords being hacked, we knew it was exactly the kind of alert that we wanted to share with our readers.
Hours after LinkedIn members reported that their passwords were on a list of stolen passwords, LinkedIn confirms it. LinkedIn said today that some passwords on a list of allegedly stolen hashed passwords belong to its members, but did not say how its site was compromised. "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," Vicente Silveira, a director at the professional social-networking site, wrote in a blog post.
OK, What’s LinkedIn?
For those unfamiliar with LinkedIn, the company bills itself as the “World’s Largest Professional Network.” Roughly ten years old, and with about 150 million users, it’s certainly the best known and mostly recognized service of its type. I have over 500 “Connections” – a lot more than my meager list of Facebook Friends, but I’ve been a Linked member for much longer.
It is unknown how many passwords have been verified by LinkedIn. LinkedIn has disabled the passwords on those accounts, it said. Account holders will receive an e-mail from LinkedIn with instructions for resetting their passwords. The e-mails will not include any links. Phishing attacks often rely on links in e-mails that lead to fake sites designed to trick people into providing information, so the company says it will not send links in e-mails. Affected account holders will then receive a second e-mail from LinkedIn customer support explaining why they need to change their passwords.
So How Many Were Hacked?
Other sources have reported that over 6,000,000 passwords were stolen, which is why LinkedIn has recommended that any LinkedIn user may be well advised to create a new password.
The password list that was uploaded to a Russian hacker server (which has been removed from the site now) has nearly 6.5 million items, but it's not clear how many of the passwords were cracked. Many of them have five zeros in front of the hash; Kocher said he suspects those are ones that were cracked. "This suggests that this may be a file stolen from a hacker who had already done some work on cracking the hashes," he said.
And just because an account holder's password is on the list and appears to have been cracked, doesn't mean the hackers actually logged into the account, although Kocher said it's highly likely that the hackers had access to the user names too.
Cause for Greater Concern
And if people use the LinkedIn password as their password for other accounts, or a similar format to the password, those accounts are now at risk. Here are some tips on choosing strong passwords and what to do if your password may be among those on the LinkedIn list.
LinkedIn's Silveira said LinkedIn is investigating the password compromise and taking steps to increase the security of the site. "It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," he wrote. "We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously," Silveira added. "If you haven't read it already, it is worth checking out my earlier blog post today about updating your password and other account security best practices."
We’ll keep an eye on these security-related security issues for you, and post the particulars on developing trends and the latest technological advances. We do know that technology can have its challenges, and that applications continue to evolve: in our industry, FrontPoint has led the way with 100% cellular monitoring and interactive features, including smart home technology. That’s why we're the leader in wireless home security, and the #1 ranked alarm company in the US – and we earned that spot with technology, pricing, and customer satisfaction that leaves the others far behind. That’s why smart (and smart home!) shoppers choose FrontPoint: safer, smarter, simpler, more affordable, and virtually impossible to defeat. Just read the reviews, and you’ll want a FrontPoint system too. And change that password!