Written by: Rikki Lux
On Wednesday, June 6, 2012, a Norwegian website reported that a file containing 6.5 million passwords from the social media and professional networking site LinkedIn had been added to their website with requests for help cracking them. This was confirmed by Graham Cluley, a web security consultant in the U.K. The passwords were encrypted with a complicated algorithm that required the hackers to spend some time cracking them. This means that the weakest passwords were most at risk, and stronger passwords may not have been cracked by the hackers at all.
When the internet started buzzing about a possible hacking of the professional social networking site LinkedIn, the company posted a tweet that said they were “looking into reports of stolen passwords.” Two hours later, a tweet appeared that said, “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred.”
Since Wednesday, LinkedIn has yet to release a formal statement confirming the severity of this serious infringement of their users’ privacy, but they have provided information and password-strengthening tips on their blog to help protect users from any further intrusion to the site. Although they have not provided any concrete information as to the extent of the hacking, LinkedIn has reset the passwords of all accounts believed to have been compromised. LinkedIn has also encouraged all of their 150 million members to reset their passwords, whether or not their accounts have been hacked.
LinkedIn has been consistently updating their Twitter accounts, @LinkedIn and @LinkedInNews, regarding any new information about the hacking. Their most recent blog entry on June 9, 2012 said, “We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime.” LinkedIn has been adamant that there is no evidence that member information besides the passwords themselves has been published or shared online.
So what can be done to prevent online security breaches? The hacking of 6.5 million passwords is proof that creating a strong password is the best way to avoid password cracking. According to Jeremy Kirk, PC World columnist, “the longer and more complicated the password – using sprinklings of capital letters, numbers and symbols – the longer and harder it is to crack.”
Here are some tips on creating a strong password:
- Do not use only numbers. (In 2010, security company Imperva analyzed stolen passwords from a recent hack and found that half of the passwords were only numbers, greatly increasing the likelihood of the passwords being figured out.)
- Try creating a password that is not short and includes letters, numbers, and special characters. But don’t forget that it needs to be something you will remember.
- Refrain from using information that relates to your personal life, such as birthdays, nicknames, social security numbers, etc.
- Do not use extremely simple passwords such as ‘password’ or ‘123456’ because these passwords will be hacked before stronger passwords.
- Use a different password for every online account you have. Although it is easiest to use one password for all of your online accounts, there is a major drawback: it makes all of your accounts vulnerable to exposure.
- Change your password frequently, especially if you suspect unusual activity or complications with an account.
- Use a password manager like LastPass, but do not assume that it is impenetrable. Even password managers can be compromised, although it is highly unlikely because they use encryption. (This means that your passwords are stored locally on your computer.) Check out their website for more information.
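The tips above can be turned into an automated check, for example in a signup form or a personal audit script. This is an added example, not code from the article or from LinkedIn; the function name, the 12-character minimum, and the short common-password list are assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "linkedin"}
MIN_LENGTH = 12  # assumption: the article only says "not short"


def _normalize(text):
    """Lowercase and drop separators so '06/06/1990' matches '1990-06-06' style input."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(candidate, personal_info=(), passwords_in_use=()):
    """Return the list of tips from the article that the candidate violates.

    personal_info: strings such as a birthday or nickname (hypothetical input).
    passwords_in_use: passwords already used on other accounts, as a local
    password manager vault could supply them (hypothetical input).
    """
    problems = []
    if candidate.isdigit():
        problems.append("digits-only")
    if len(candidate) < MIN_LENGTH:
        problems.append("too-short")
    # Letters, numbers, and special characters must all be present.
    classes = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(pattern, candidate) for pattern in classes):
        problems.append("missing-character-class")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common-password")
    # Flag any personal detail of 3+ characters embedded in the password.
    flat = _normalize(candidate)
    for item in personal_info:
        token = _normalize(item)
        if len(token) >= 3 and token in flat:
            problems.append("contains-personal-info")
            break
    if candidate in passwords_in_use:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "Tr4il-mix&Cobalt-Kettle"):
        print(pw, "->", check_password(pw) or "no problems found")
```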
Changing a password as soon as possible after a security breach is the surest way to protect information from hackers. Situations like the LinkedIn password hacking prove that anything can be obtained online, and users must take steps to keep themselves from becoming victims.