Friday, 08 June 2012 00:12

LinkedIn clams up, on the back foot over security breach

By

Following the password breach announced earlier today, LinkedIn seems to have pulled the shutters down, refusing to elaborate on what went wrong.

Announced overnight, LinkedIn's small hacking problem has escalated wildly. Latest reports suggest that at least 60% of the breached accounts' passwords have already been cracked.

iTWire strongly recommends everyone log into LinkedIn and change their password. And those readers silly enough to reuse the password at sites which know the same email address should also change the password there (to something different!).

Sophos agrees with this sentiment.

With this breach clearly in mind, this afternoon iTWire approached LinkedIn for their thoughts on the breach. In response, we were told:

"We aren't participating in interviews at this time. However, we will continue to keep you in the loop regarding updates via the LinkedIn blog."

Goodness, all we wanted to know was what this meant for LinkedIn's subscribers.

For want of an answer, these are the questions we'd hoped to have answered (please excuse the 'chatty' language).

1. What led LinkedIn to detect the breach? Did you find out yourselves? Were you told? Did someone find the password dump and report to you guys?

2. Who has received the notification email? How confident are you that it has gone to all affected members? (I don't seem to be affected, I didn't receive any email and earlier today was able to log in and changed my password)

Note - at least 2 iTWire staffers found their LinkedIn account had been disabled and did NOT receive an email.

3. According to Vincente's blog (linked above) he refers to "enhanced security we just recently put in place." Does "recently" refer to before or after the breach was detected, as I would have expected the kinds of things he outlined would have been regarded as Security 101 topics... not an upgrade of existing security.

4. What is the background to confirming that "some of the passwords that were compromised correspond to LinkedIn accounts?" Is Vincente suggesting there is garbage in the list, that there is no matching LinkedIn account for a good number of the passwords? Also, if, as you are saying that only passwords are leaked, how are you linking them back to accounts? Is it a simple match-up of password hashes?

5. Has anyone analysed the login activity of those accounts that appear to have been breached for login attempts (whether successful or not) from IP addresses not previously used? Presumably there will be account access attempts for multiple accounts from a very small number of IP addresses. In addition, I would have thought that those members affected would like to know what data was read by any potential intruders.

6. How was the data obtained? It would seem that 6 million out of 140 million is a strange amount. Neither all of the database nor an amount that could be manually harvested. Was this an insider job? A genuine across-the-web hack? Something else?

All important to those affected and to most Internet users.

To this, we repeat the response (mentioned earlier) from LinkedIn's Australian representative, "We aren't participating in interviews at this time. However, we will continue to keep you in the loop regarding updates via the LinkedIn blog."

This is simply not good enough. Not remotely good enough, especially for a publicly listed company.

Allow us to observe that organisations that are open about such problems tend to engender public support. Those that duck the issue seem to be taking the first step on a downward spiral to destruction.

And in the highly volatile social networking world (and the publicly-listed company world), confidence is everything.

BTW... for those intrepid souls who seek the stolen passwords, they're not on PasteBin (this time!). Also, if you trust it enough, there's a site (https://leakedin.org/) that will compare your password against the stolen list (of course, readers are welcome to randomly try password jackpot!).

Oh, and one other thing... will actively-trading LinkedIn shareholders treat this as a good thing, or a bad thing?

David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.
