Another day, another hack – LinkedIn

LinkedIn, the well-known professional social networking site, was hacked in 2012.  At first it was thought that only 6.5 million accounts were affected.  A few weeks ago it emerged that more than 165 million accounts had been compromised.

Now the hackers did not get the passwords themselves.  They got your email addresses and the password hashes.  A hash is essentially a one-way fingerprint of the password: it cannot be reversed directly to recover the password.  Before you feel better about that, don’t.  These hashes can be brute forced (meaning the attacker guesses candidate passwords, hashes each one and compares), and if you used one of the commonly known passwords, they would have it instantly.

Not good at all.

The LinkedIn Privacy Policy has this statement (that I thought was hilarious)…

We protect your personal information using industry-standard safeguards.

Sure, they used SHA1 to hash the passwords, but they did not use a salt.  A salt is a random string added to each password before hashing, so that two users with the same password end up with different hashes and a precomputed list of hashes for known passwords is useless against the whole database.  Without a salt, one lookup table works against every account at once.  So sorry LinkedIn, you did NOT use industry standard safeguards.  If you had, the passwords would have been salted in the first place.
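To make the difference concrete, here is an added example (not code from the original post or from LinkedIn) that covers both the "known password" lookup described above and the effect of a salt.  The user list and the "known passwords" list are constructed stand-ins, and the salted variant uses PBKDF2-HMAC-SHA256 from the Python standard library as one reasonable replacement for bare SHA1; the function names are mine.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed sample data: two users who happen to share a weak password.
USERS: Dict[str, str] = {
    "alice": "password123",
    "bob": "password123",
    "carol": "correct horse battery",
}

# Constructed stand-in for a public list of commonly used passwords.
KNOWN_PASSWORDS = ["123456", "password", "password123", "linkedin"]

ITERATIONS = 100_000  # work factor for the salted scheme (assumed value)


def sha1_unsalted(password: str) -> str:
    """The weak scheme: plain SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def lookup_known(hash_hex: str) -> Optional[str]:
    """Instant match against precomputed hashes of known passwords.

    Because there is no salt, this single table applies to every account
    in the leaked database, which is why unsalted hashes fall instantly.
    """
    table = {sha1_unsalted(p): p for p in KNOWN_PASSWORDS}
    return table.get(hash_hex)


def hash_salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow password hashing (PBKDF2-HMAC-SHA256).

    A fresh random 16-byte salt is generated per user; the salt is stored
    next to the digest (it is not secret) so the password can be verified.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> Tuple[bool, Optional[str], bool]:
    """Returns (unsalted hashes collide, alice's password found instantly,
    salted hashes collide)."""
    unsalted = {u: sha1_unsalted(p) for u, p in USERS.items()}
    same_unsalted = unsalted["alice"] == unsalted["bob"]  # True: identical
    found = lookup_known(unsalted["alice"])               # "password123"

    salted = {u: hash_salted(p) for u, p in USERS.items()}
    same_salted = salted["alice"][1] == salted["bob"][1]  # False: salts differ
    return same_unsalted, found, same_salted


if __name__ == "__main__":
    print(demo())
```

The point of `demo()` is the middle value: with unsalted SHA1 a single precomputed table identifies the shared weak password at once, while the salted digests for the same password differ per user, so an attacker has to start from scratch for each account, and the PBKDF2 iteration count makes each guess slow on top of that.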

The risk to us is that if you used the same password anywhere else, chances are the hackers will try it against those systems too.  So start changing your passwords.

Isn’t it amazing that even today we still cannot trust our internet companies with our passwords.  Breaches happen constantly, and somehow they just do not learn.  It is really not that difficult.  Hacks like these happen because someone did not do his job.  It is as simple as that.

Have you been a victim of the hack?  Find out at https://haveibeenpwned.com
