LinkedIn hack, press hype?

Having read the LinkedIn report about the alleged hacking recently, it all appears to be an old storm in a teacup. These days we must accept that everyone, right down to the sole trader with one email account, is likely to be hacked at some time, that is to say, to suffer a malicious attack on their IT and web infrastructure.

It’s not easy to say why these attacks happen, because the motivation varies, but happen they will.

As I’ve said to my clients many, many times: your security is only as good as your password. If a password is compromised, the hackers can fill their boots. Larger corporations appear to be vulnerable to hacking, and there is of course a possibility that a government may want to test another country’s security just in case there’s a need to destabilize.

Let’s stick to the realistic world of local businesses. The chances of you being hacked are slim but the consequences if it happens can be devastating…

  • lost data
  • emails compromised
  • web pages deleted
  • accounts lost

Our advice to any business is to ensure your passwords are strong. Microsoft says a strong password…

    • Is at least eight characters long
    • Does not contain your user name, real name, or company name.
    • Does not contain a complete word.
    • Is significantly different from previous passwords.
    • Contains characters from each of the following four categories (character category: examples):
        • Uppercase letters: A, B, C
        • Lowercase letters: a, b, c
        • Numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
        • Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /

All our passwords issued for emails, WordPress and FTP are generated by the server operating system and conform to the above and more. We have a policy of not allowing clients to choose a password, and when we issue passwords we warn of the consequences!
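As an added illustration (not our server's actual tooling), here is one way to check a password against the five rules above and to generate one that passes them. The function names, the small sample word list and the 0.6 similarity threshold are assumptions made for the example.

```python
import secrets
import string
from difflib import SequenceMatcher

# The four character categories from the list above (symbols include the space).
SYMBOLS = "`~!@#$%^&*()_-+={}[]\\|:;\"'<>,.?/ "
CATEGORIES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"password", "welcome", "dragon", "summer", "linkedin"}


def policy_failures(pw, identity=(), previous=(), words=WORDS, max_similarity=0.6):
    """Return the names of the rules that pw breaks (empty list = compliant)."""
    low = pw.lower()
    failures = []
    if len(pw) < 8:
        failures.append("length")
    # User name, real name or company name appearing anywhere in the password.
    if any(n and n.lower() in low for n in identity):
        failures.append("identity")
    # A complete dictionary word appearing anywhere in the password.
    if any(w in low for w in words):
        failures.append("word")
    # "Significantly different" is modelled as a similarity ratio (assumed threshold).
    if any(SequenceMatcher(None, low, old.lower()).ratio() > max_similarity
           for old in previous):
        failures.append("similar")
    # At least one character from each of the four categories.
    if not all(any(c in cat for c in pw) for cat in CATEGORIES):
        failures.append("categories")
    return failures


def generate(length=16, **context):
    """Draw characters from the OS CSPRNG until a candidate passes every rule."""
    # Spaces are valid under the policy but awkward to type, so they are not generated.
    alphabet = "".join(CATEGORIES).replace(" ", "")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(pw, **context):
            return pw


if __name__ == "__main__":
    print(policy_failures("Summer2016!", identity=["Jane Smith"]))  # constructed input
    print(generate(identity=["Jane Smith"], previous=["Tr0ub4dor&3y"]))
```

Note that "Summer2016!" satisfies the length and four-category rules and is rejected only because it contains a complete word, which is why the word and name checks matter as much as the character mix.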

This is the LinkedIn statement received this week (May 16)

Notice of Data Breach
You may have heard reports recently about a security issue involving LinkedIn. We would like to make sure you have the facts about what happened, what information was involved, and the steps we are taking to help protect you.
What Happened?
On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.
What Information Was Involved?
Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.
What We Are Doing
We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.
LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.
What You Can Do
We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.