LinkedIn admits massive data breach
07 Jun 2012 2:41 BST
LinkedIn has admitted a massive data breach after log-in information and passwords for 6.5 million people were posted on a Russian hacker site.
It’s the second data breach on a social media site in a week. Last Wednesday online dating service eHarmony admitted that 1.5 million user passwords had been breached after security experts found scrambled files with passwords for millions of online accounts.
LinkedIn has more than 161 million members worldwide, while eHarmony has more than 20 million registered online users.
LinkedIn announced the data breach on its official blog and also posted updates for users and journalists on Twitter. The LinkedIn blog advises users that those whose accounts have been compromised will no longer be able to use the password.
They should look out for an email from LinkedIn with instructions on how to reset their passwords.
The news comes just days after the New York Times raised security concerns about LinkedIn’s new iPhone and iPad app.
Marcus Carey, a security researcher at Rapid7, said in a Reuters report that he believed the hackers had been inside LinkedIn’s network for at least several days.
“If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time,” Carey warns.
At least two security experts who examined the files containing the LinkedIn passwords said the company had not used best practices for protecting the data.
They criticise LinkedIn for using a basic (vanilla) technique for encrypting the passwords, which meant the hackers could quickly unscramble the passwords after they had cracked the formula. LinkedIn has not yet commented on the criticism.
The DMA will look at data breaches and what organisations can do to avoid them in the June issue of the DMA legal newsletter (on 26 June). DMA members can sign up to the legal newsletter by updating their preferences here.