LinkedIn security breach: What’s your password?

Last updated: 21 March 2014

Another major breach was announced in our social media world today. This time LinkedIn was the target and more than six million users are the potential victims. A Russian hacker claims the theft of 6,458,020 encrypted LinkedIn passwords and, to prove it, posted the passwords on his website (thankfully without usernames). In addition, he asked fellow hackers to come forward and help decode the hash-protected passwords.

Hackers can quickly work their way through a list and, with the help of lookup tables and rainbow tables, can crack approximately 40 percent of the hashes in the first day of the breach. The hashes were not “salted”, and salting is precisely what is supposed to render these types of precomputed tables useless; as I’m writing this, more than 60 percent of the stolen passwords have already been cracked.
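To make the salt point concrete, here is an added example (not code from this post or from Sophos) showing why a precomputed table cracks an unsalted dump instantly but gets zero hits against salted, slow hashes. It assumes the dump held unsalted SHA-1 digests (the post does not name the algorithm; any unsalted fast hash behaves the same way), and the wordlist and “breach dump” are constructed toy data.

```python
import hashlib
import hmac
import os

# Constructed toy wordlist; it stands in for the dictionaries and rainbow
# tables an attacker precomputes (real lists hold hundreds of millions of entries).
WORDLIST = ["password", "linkedin", "123456", "letmein", "qwerty"]

PBKDF2_ITERATIONS = 100_000


def unsalted_sha1(password):
    """Assumed storage format of the dump: one unsalted SHA-1 digest per user."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> plaintext once. With no salt, the same table works
    against every user in every unsalted dump, forever."""
    return {unsalted_sha1(w): w for w in words}


def crack_with_table(table, leaked_digests):
    """Recover every leaked digest the precomputed table already contains."""
    return {d: table[d] for d in leaked_digests if d in table}


def salted_hash(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Defender's side: store 'salt$digest' with a random per-user salt and a
    deliberately slow key-derivation function (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${digest.hex()}"


def verify_salted(password, stored, iterations=PBKDF2_ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), iterations
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo():
    """Run the same three passwords through both storage schemes."""
    table = build_lookup_table(WORDLIST)

    # Constructed "breach dump": two users both chose 'linkedin', one chose
    # something the wordlist does not contain.
    unsalted_dump = [
        unsalted_sha1("linkedin"),
        unsalted_sha1("linkedin"),
        unsalted_sha1("Tr0ub4dor&3"),
    ]
    cracked = crack_with_table(table, unsalted_dump)
    unsalted_cracked = sum(1 for d in unsalted_dump if d in cracked)

    # Same passwords stored with per-user salts: identical passwords no longer
    # produce identical records, and the table built in advance has no entry
    # for any of them. The attacker must redo the slow computation per salt
    # and per guess instead of one lookup per hash.
    salted_dump = [
        salted_hash("linkedin"),
        salted_hash("linkedin"),
        salted_hash("Tr0ub4dor&3"),
    ]
    salted_hits = crack_with_table(table, [s.split("$")[1] for s in salted_dump])

    return {
        "unsalted_identical": unsalted_dump[0] == unsalted_dump[1],
        "unsalted_cracked": unsalted_cracked,
        "salted_identical": salted_dump[0] == salted_dump[1],
        "salted_table_hits": len(salted_hits),
    }


if __name__ == "__main__":
    print(demo())
```

The two users who share a password are the interesting case: unsalted, one table lookup cracks both accounts at once; salted, they are unrelated records and the table gives nothing.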

“Why should I care if my social media account is hacked?” you may ask. Well, a whole host of bad things can come from a stolen account, even if it is for a site hosting your dusty resumé. Depending on what the hacker is able to obtain, your email address can be sold, your account spoofed, or hackers can even use news of the attack to send you a phishing email containing a “reset your password” link that leads nowhere good and downloads malware onto your system.

We’re all guilty of laziness and unfortunately it can come back to bite us financially in a situation like this. We’ve blogged many times about the risks of weak passwords and how the majority of people don’t put much thought into choosing a password. In fact, the most common password is “password!”

Today’s breach is a chance for us to take a step back and think about our online presence and stand up to the untold number of hackers across the world who are trying to steal our identities. Here are five simple questions to ask yourself. Each question to which you answer YES should be a red flag about your online safety.

  1. Do you use personal information in your password?
  2. Do you use words that can be found in the dictionary?
  3. Do you use the same password for most or all of your accounts?
  4. Are your passwords less than eight characters in length?
  5. Are most of your passwords all letters or all numbers? No mix of special characters, upper case and lowercase?
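The five questions can be turned into a checker you run against your own passwords. The example below is added here and is not code from this post or from Sophos; questions 1 and 3 depend on information only you have, so the `personal_info` and `other_passwords` inputs are assumed, and the dictionary is a small constructed stand-in for a real wordlist.

```python
import re

# Constructed stand-in for a real dictionary / common-password list.
DICTIONARY = {"password", "linkedin", "welcome", "dragon", "monkey", "letmein", "sunshine"}


def red_flags(password, personal_info=(), other_passwords=()):
    """Return the post's questions (by number) to which this password answers YES.

    personal_info:   strings such as your name, birth year or pet (assumed input).
    other_passwords: passwords you already use on other accounts (assumed input).
    """
    flags = []
    lowered = password.lower()

    # 1. Personal information appears inside the password.
    hits = [item for item in personal_info if len(item) >= 3 and item.lower() in lowered]
    if hits:
        flags.append(f"1: contains personal information ({hits[0]!r})")

    # 2. Dictionary word, including the 'Password1!' pattern where only the
    #    letters form the word.
    letters = re.sub(r"[^a-z]", "", lowered)
    if lowered in DICTIONARY or (letters and letters in DICTIONARY):
        flags.append("2: is a dictionary word")

    # 3. Reused on another account.
    if password in other_passwords:
        flags.append("3: reused across accounts")

    # 4. Too short.
    if len(password) < 8:
        flags.append("4: shorter than eight characters")

    # 5. All letters, all digits, or no mix of case, digits and special characters.
    classes = sum(
        bool(re.search(p, password))
        for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    if password.isalpha() or password.isdigit() or classes < 3:
        flags.append("5: no mix of upper case, lower case, digits and special characters")

    return flags


if __name__ == "__main__":
    for candidate in ("password", "John1985", "Sunshine1", "Tr0ub4dor&3"):
        print(candidate, red_flags(candidate, personal_info=("John", "1985"),
                                   other_passwords={"Sunshine1"}))
```

Every entry the function returns is one of the post's red flags; an empty list means the password passed all five questions, which is a floor, not a guarantee.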

Granted, it’s hard to keep up with so many different passwords, but there are techniques for remembering your secure passwords, or secure passphrases. Here’s a great video from Sophos security guru Graham Cluley that may help you pick a stronger password structure.

Safe surfing everyone!