11.06.2012 LinkedIn loses it over password hack

Last week it emerged that hackers were trying to crack the accounts of 6.5 million users on LinkedIn.

The passwords were taken in ‘hashed’ form, meaning that some work was still required to convert the passwords into a useable form.

What happened next is that the hackers announced that they had managed to recover hundreds of thousands of passwords. This is where the problems for LinkedIn users begin.

It’s bad enough that the hack brought serious security issues to the fore: it was revealed that LinkedIn does not even use ‘salting’. For the non-tech savvy, this term refers to a technique for making stored passwords harder to crack.

As stated by a spokesman for American security firm Imperva:

“Salting, in layman’s terms, complicates the process of a hacker cracking a password. Not only do you encrypt the password, but append it with a random string of characters so even if those passwords are revealed, they look like gobbledygook.”
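
The difference salting makes to a stored password table, as an added example that is not part of the original post and is not LinkedIn's code. The account names, passwords, the use of SHA-1 for the unsalted case and of PBKDF2 with this iteration count for the salted case are all assumptions of the example; pairing the salt with a slow key-derivation function goes one step beyond what the quote describes.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; alice and carol happen to pick the same password.
USERS = {"alice": "sunshine1", "bob": "Tr0ub4dor&3", "carol": "sunshine1"}
ITERATIONS = 100_000  # assumed work factor, chosen for this example


def unsalted_hash(password):
    """Fast hash with no salt: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow key-derivation function (PBKDF2)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def shared_digests(stored):
    """Group accounts by stored digest; any group larger than one leaks reuse."""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def covered_by_table(stored, wordlist):
    """Accounts whose unsalted digest sits in one precomputed digest table."""
    table = {unsalted_hash(word) for word in wordlist}
    return sorted(user for user, digest in stored.items() if digest in table)


if __name__ == "__main__":
    weak = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong = {u: salted_hash(p) for u, p in USERS.items()}
    print("unsalted, identical digests:", shared_digests(weak))
    print("unsalted, in common-password table:", covered_by_table(weak, ["sunshine1"]))
    print("salted, identical digests:", shared_digests({u: d for u, (s, d) in strong.items()}))
    print("alice verifies:", verify("sunshine1", *strong["alice"]))
```

Without a salt, one precomputed table covers every account that chose a listed password; with a per-user salt the same password yields unrelated digests, so each account has to be worked on separately.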

The real problem was the sheer lack of communication between LinkedIn and their users on this issue. Such a severe breach of security should have sent LinkedIn’s PR team into overdrive to counteract any rumours which were developing and reassure their users that the situation was under control.

What actually happened was that there was a seven-hour delay before the company even acknowledged the breach.

This highlights a breakdown in communication between the company and users. If such a breach had occurred with either Facebook or Twitter, it’s hard to imagine that the reaction would have been so slow.

LinkedIn has since vowed to beef up security and promised to email users who have been affected by this.

The best course of action for anyone affected (click here for a handy tool to help you check if you have been) is to immediately change their password. If, like me, you use the same password for multiple accounts, I would advise you to change them as well. There are two easy ways you can go about protecting yourself from future hacking attempts:

  1. Use a different password for every account you are using.
  2. Change your passwords on a regular basis, to keep the hackers guessing.

Whilst these solutions are by no means exhaustive, they should help you avoid the hassle and anger of having your personal details stolen.