It’s been a rough day for Linkedin, first with news that its iOS app collects full meeting notes and details from a device’s calendar and sends them back to the company in plain text. Then later news that more than 6.5 million password were reported compromised.
Norweigan IT website Dagens IT first reported the breach, noting that “Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site. Those who posted it wanted help to crack the codes, which is common in such environments, says password expert and consultant in Evry, Per Thorsheim. – Unfortunately, they are in a format that makes it relatively easy to break them, he said. According Thorsheim there is much to suggest that passwords are derived from LinkedIn, the great social network for professional users. It could mean that many lucrative users now are at risk for ID theft.”
Change Your LinkedIn Password Immediately. Don’t Worry About LinkedIn’s Calendar Sync.
If you haven’t already done so, please update your linkedin password, this is even more important if you use the same password on linkedin as well as on other websites.
This is just the latest hack in a long line of password related exploits over the last few years. A Forbes article describing a 2010 hack on a social-gaming company called RockYou suggested that hackers can be more efficient when they target large groups of people rather than trying to crack one person’s password. By casting a wide net, a hacker gained control of over 32 million RockYou user passwords. Security company Imperva, which discovered and announced the security hole in RockYou’s database systems, analyzed the stolen passwords and published a paper based on the password data.
Here’s what Imperva found: The most common password used was “123456,” followed by “12345″ and “123456789.” All in all, more than half a million people chose passwords composed of only consecutive numbers. So, if a hacker tried to log in to all RockYou accounts with just one password attempt–123456–every hundred or so attempts would yield a compromised account. Dozens of attempts can be scripted every second, so Imperva estimates that using this technique would only take around 15 minutes to hack 1,000 accounts.
Last month Facebook admitted that hackers are breaking into hundreds of thousands of Facebook accounts every day. Out of more than a billion logins to the website every 24 hours, 600,000 are impostors attempting to access users’ messages, photos and other personal information Facebook said.
If you are like me and use a lot of different passwords, you may want to consider using a password manager to help organize your passwords. Password managers or ‘vaults’ typically have a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Many password managers also work as a form filler, so they fill the user and password data automatically into forms. These are implemented using a browser extension, mobile phone, smart card or USB stick application that communicates securely with the browser.
Below are some of the more popular password management choices.
The App is available for Windows, Mac, Linux and a variety of mobile platforms. (Free limited edition)
1Password is another popular choice and states it “can create strong, unique passwords for you, remember them, and restore them, all directly in your web browser.” A unique aspect of 1Password is it allows you to use the free Dropbox cloud storage service so you can easily keep 1Password in sync on all of your computers and mobile devices.
1Password software is available Windows, Mac, iPhone, iPad, and Android. (Free demo edition)
Linkedin Hacked: Change Your Password Now