Techzim

Zimbabwe and regional technology news and updates

advertisement
advertisement

RECHARGE

Nyaradzo logo

LinkedIn passwords leaked on the internet. How you can protect your account

If you’re on the popular professional social network, LinkedIn, you really want to change your password immediately. Yes you do. LinkedIn suffered a hack yesterday whose payload was the leaking of some 6.5 million passwords onto a Russian hacking site. The security breach was confirmed by LinkedIn itself admitting that some passwords were indeed stolen from the website.

LinkedIn says it’s investigating the matter to establish how exactly the passwords were stolen and that in the meantime they have closed access to the compromised accounts until the owners of the accounts have changed them.You can also help yourself by changing the password, whether LinkedIn has closed access to your account or not. Just go to LinkedIn.com, log in, hover the mouse over your name (top right corner), click settings and you’ll be taken to a page where you can change your password.

One important thing to look out for is that the unscrupulous lot in cyberspace are taking full advantage of this Linked password scare by using phishing emails to fool unsuspecting members of the network into downloading malicious software, supposedly to help secure their accounts. You don’t want to fall victim to that so just avoid clicking on links in emails purporting to be from LinkedIn. LinkedIn has a specific way its dealing with compromised accounts


Quick NetOne, Econet, And Telecel Airtime Recharge

6 thoughts on “LinkedIn passwords leaked on the internet. How you can protect your account

  1. Linkdin used sha-1 to secure its passwords and i dont thnk phishing was used Here’s what Imperva found: The
    most common password used
    was “123456,” followed by
    “12345″ and “123456789.” All
    in all, more than half a million
    people chose passwords
    composed of only consecutive
    numbers. So, if a hacker tried to
    log in to all RockYou accounts
    with just one password
    attempt–123456–every
    hundred or so attempts would
    yield a compromised account.
    Dozens of attempts can be
    scripted every second, so
    Imperva estimates that using
    this technique would only take
    around 15 minutes to hack
    1,000 accounts.
    when is jumpstart. Happy people

  2. It is worth pointing out that the passwords were leaked in a hashed form (with no corresponding username), However it appears they are not salted hashes which is quite concerning as salting means each password will need individual cracking to discover. For those who do not know a salted hash is when you take the password, append a set of random characters (also saved in the db) and hash (a non reversible type of encryption) the result is stored in the database. When a user enters their password the system pulls out their salt, appends, hashes and compares.

    The bonus to a salted system (over just plain hashing) is that if a hacker gets a password list (in this case) they have to run hashes for each line with each salt as they cannot just compare the entire database to a dictionary of hashes. Hence making finding out the password a much slower process. It is being reported at the moment 200,000 of the 6.5 million passwords have been discovered, these are probably the most common ones like “password” or “12345”.

    A good rule of thumb when coming up with passwords is to have at least three, one for unimportant sites like facebook / linked in etc where the biggest damage is maybe some dodgy messages (you should never have any important information on these sites like ID Numbers etc). The second password is for important sites like internet banking, applications with important private information etc. And a third to secure your email, this must be the most secure as with access to your email a hacker can reset any of your other accounts (generally).

    Another good way of making passwords is to create a sentence in your head and then take the first letter of each word, and append numbers and a special character this results in a “random” string of letters but is easy for you to remember as you need only remember the sentence.

Comments are closed.